Re: WebID-ISSUE-16: Easy cross-browser certificate transfer

From: Henry Story <henry.story@bblfish.net>
Date: Mon, 31 Jan 2011 18:41:50 +0100
Message-Id: <6D9DBE08-DFF1-47BE-B454-2F67F0EEF1CC@bblfish.net>
To: WebID Incubator Group WG <public-xg-webid@w3.org>

On 31 Jan 2011, at 18:01, WebID Incubator Group Issue Tracker wrote:
> 
> One of the strongest arguments against technologies like WebID is the concern of transferring certificates from one browser to the next. There have been studies performed on this particular issue and both creating one-certificate-per-browser and having to copy certificates across browsers have been met with very strong usability concerns.

It is very easy to create certificates in the browser as demonstrated by the
video that certainly needs improving "How to create a WebID in 4 minutes"

   http://www.youtube.com/watch?v=S4dlMTZhUDc

So this argument does not hold water as far as the issue of the need to move certificates or
even create certificates. It seems to contradict the alleged study that says it is difficult.
So we need to see that study and its results to understand this.

> 
> There is a protocol that has been outlined by Ben Laurie for storing private keys on remote servers:
> 
> http://www.links.org/files/nigori/nigori-protocol-01.html

Formats for storing keys and other encrypted content remotely can be useful. In RDF this may 
be as easy as just adding some triples to the Profile Document pointing to it. 
If this is to be useful it would have to be taken up by web browsers, which on finding a profile page,
would be able to find the private key and load it.

> We may want to consider inclusion of this technology into the specification as it would certainly make the Javascript implementations of WebID more attractive to those that have concerns about cross-browser certificate transfer.




Social Web Architect
http://bblfish.net/
Received on Monday, 31 January 2011 17:42:43 GMT
