W3C home > Mailing lists > Public > public-xg-webid@w3.org > February 2011

RE: WebID-ISSUE-28 (bblfish): How does the WebID protocol (foaf+ssl) interact with TLS proxies [User Interface/Browsers]

From: peter williams <home_pw@msn.com>
Date: Sat, 12 Feb 2011 10:45:09 -0800
Message-ID: <SNT143-ds116955A380B0B2DB2531BD92EE0@phx.gbl>
To: "'WebID Incubator Group WG'" <public-xg-webid@w3.org>
What follows is excellent - and its reinforcing why I asked that "DTLS" (and
EAP-TTLS, and SSL for uPnP, and .) be included in the incubator charter: to
allow the whole topic of non-traditional SSL handshakes to be considered. We
really are defining https-ng, including its connectionless variants.

 

Related: At the IETF meeting in Maastrict (July 2010) there was a  

presentation at the SAAG meeting about a method to allow enterprise  

scanning of encrypted traffic by scanners along the network.  

 <http://www.ietf.org/proceedings/78/slides/saag-2.pdf>
http://www.ietf.org/proceedings/78/slides/saag-2.pdf .

 

We are going to have maintain the split, between what IETF is good at and
what W3C can add - when bringing onto the internet the foaf:agent that makes
logical statements (now authenticated-statements) in purely
information-object based layer-7 protocols.

 

In one sense, the secure semantic web reduces the internet to a bit pipe.
All the internet has to do is enable SSL handshakes to occur, which logical
theorems then compose to define signaling protocols with properties X Y and
Z. In another sense, the internet can get us to 80% assurance of such a
handshake-sigalling infrastructure quickly, allowing the web then to add n
20% additional assurance for each sub-community that cares enough to get its
act together and compose those handshakes for theorem P, Q and R.

 

The trick is to retain the divide between web and internet, so the
domineering goal of a single uniform security architecture for the internet
doesn't interfere with the delivery of the many 20% value adds that the web
can bring. If I think of the internet as delivering 80% of the low assurance
by default, I think of the web as adding for 20% more effort medium
assurance(s). If the web wants to subclass the internet and override its
assurance with something better defined for a particular group, it  can.

 

 

 
Received on Saturday, 12 February 2011 18:46:04 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:22 UTC