
RE: WebID equivalence

From: Peter Williams <home_pw@msn.com>
Date: Tue, 3 Jan 2012 12:12:45 -0800
Message-ID: <SNT143-W29DBAB2BAFAA1A72641A6F92960@phx.gbl>
To: <mo.mcroberts@bbc.co.uk>, <kidehen@openlinksw.com>
CC: "public-xg-webid@w3.org" <public-xg-webid@w3.org>


Concerning validation-centric thinking, and 3 generations of root CA that I've been involved in, see http://yorkporc.wordpress.com/2012/01/03/validation-fabric-and-uri-in-cn/

Note type 3. It has a URI in the CN. The world didn't collapse. In fact, there are 3 roots that have that display name, one of which got sold for a million dollars as an asset transfer, and is now owned by folks who do NOT control the www.valicert.com domain name (if it even exists).

A certain lawyer (rather famous these days in government circles on federal trust networking) also wrote up the policy, for a validation-centric reliance model. Someone even wrote up an aligned (MPhil-grade) PhD dissertation addressing the theory (that was classified as total crap, on examination). But, it's fun being on the leading edge.

> From: mo.mcroberts@bbc.co.uk
> Date: Tue, 3 Jan 2012 14:28:38 +0000
> CC: public-xg-webid@w3.org
> To: kidehen@openlinksw.com
> Subject: Re: WebID equivalence
> 
> 
> On 3 Jan 2012, at 14:06, Kingsley Idehen wrote:
> 
> > On 1/3/12 7:22 AM, Henry Story wrote:
> >>> What is an important point to consider re. WebID is what should be done when the CN contains URLs?
> >> A Common Name is not meant to be a URL so there is nothing to do there, unless you want to do screen scraping or detective work.
> > 
> > So you are claiming this is wrong then?
> > 
> > Subject: C=US, ST=Maryland, L=Pasadena, O=Brent Baccala,
> >                 OU=FreeSoft,CN=www.freesoft.org/emailAddress=baccala@freesoft.org
> 
> 
> CN=www.freesoft.org is not a CN containing a URL, for a start. A CN is effectively arbitrary, will often be used for matching (cf. clients comparing SSL server hostnames).
> 
> (You could add a URI as a DN attribute, though, if you know the signing entity will accept it - just pick or define an appropriate attribute OID).
> 
> Whether *parts* of a DN should trigger special processing on the part of a receiver is a different matter. I can't recall what ITU recs have to say on the subject. I do know that a number of free personal certificate issuers mandate that the CN is a fixed string.
> 
> M.
> 
> -- 
> Mo McRoberts - Technical Lead - The Space,
> 0141 422 6036 (Internal: 01-26036) - PGP key CEBCF03E,
> Project Office: Room 7083, BBC Television Centre, London W12 7RJ
> 
 		 	   		  
Received on Tuesday, 3 January 2012 20:15:45 GMT
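
The distinction drawn in the quoted reply (a hostname in the CN is not a URI in the CN) can be checked mechanically by a receiver. The following is an added example, not code from the thread or from any WebID implementation: the function names are hypothetical, "absolute URI" is assumed to mean a value with both a scheme and an authority, and the second subject string is constructed for contrast.

```python
import re
from urllib.parse import urlsplit

# Subject quoted in the thread (one-line form: comma-separated attributes,
# with emailAddress appended to the CN after a "/").
THREAD_SUBJECT = ("C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, "
                  "OU=FreeSoft,CN=www.freesoft.org/emailAddress=baccala@freesoft.org")
# Constructed sample: a subject whose CN really is an absolute URI.
CONSTRUCTED_SUBJECT = "O=Example Org, CN=https://example.org/people/alice#me"

# An attribute begins at the start of the string or after "," or "/", and has
# the shape KEY=. Limitation: a URI path segment such as "/x=1" would be
# mistaken for an attribute; a real verifier should walk the DER-encoded name.
_ATTR_START = re.compile(r"(?:^|[,/])\s*([A-Za-z][A-Za-z0-9.]*)=")

def parse_subject(subject):
    """Split a one-line subject string into (attribute, value) pairs."""
    hits = list(_ATTR_START.finditer(subject))
    pairs = []
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(subject)
        pairs.append((m.group(1), subject[m.end():end].strip()))
    return pairs

def is_absolute_uri(value):
    """True only for scheme://authority values; bare hostnames have no scheme."""
    try:
        parts = urlsplit(value)
    except ValueError:  # malformed bracketed host, treat as not a URI
        return False
    return bool(parts.scheme and parts.netloc)

def uri_valued_attributes(subject):
    """Return the (attribute, value) pairs whose value is an absolute URI."""
    return [(k, v) for k, v in parse_subject(subject) if is_absolute_uri(v)]

if __name__ == "__main__":
    for subject in (THREAD_SUBJECT, CONSTRUCTED_SUBJECT):
        print(parse_subject(subject))
        print("URI-valued:", uri_valued_attributes(subject))
```
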
