Re: exiting the WebID email experiment - Was: Adding an email address to a SAN

On 11/14/12 3:57 AM, Henry Story wrote:
> Just to say, but I have stopped this experiment. For me sending mail is too
> important in communication.  If some existing servers start rejecting mail or
> having trouble because they don't know my CA (and of course few will know
> WebID) then the cost in communication is too high for the benefit.
>
> I had a report that my Certificate was causing some Windows machine to
> spend ten minutes trying to verify my certificate. It is not a big step from there
> until someone determines these are denial of service attacks and blocks my mail.
>
> So in my view this experiment could be thought of as viral, but in the negative
> sense. It is exactly the kind of experiment that could cause the system to put
> up unnecessary antibodies and make it more difficult for members of our community
> to spread their message.
>

-100

The Director of the CIA's email was compromised because he used GMAIL.

How can you state that not using an existing standard solves a problem 
is bad? At the same time you want to use TLS, X.509 etc. to address 
identity and privacy challenges. Nothing to do with PKI is smooth right 
now, and that's for the very reasons most of us are trying to make WebID 
work.

Kingsley
>
> Henry
>
>
> On 14 Nov 2012, at 09:34, Melvin Carvalho <melvincarvalho@gmail.com> wrote:
>
>>
>>
>> On 18 October 2012 21:35, Kingsley Idehen <kidehen@openlinksw.com> wrote:
>>
>>     On 10/18/12 2:31 PM, Melvin Carvalho wrote:
>>>
>>>
>>>     On 18 October 2012 20:26, Kingsley Idehen
>>>     <kidehen@openlinksw.com> wrote:
>>>
>>>         On 10/18/12 2:12 PM, Andrei Sambra wrote:
>>>
>>>             On 10/18/12 19:19, Melvin Carvalho wrote:
>>>
>>>                 It seems for the dogfooding use case of signing your
>>>                 emails for SMIME
>>>                 you also need to add your email address to your SAN.
>>>
>>>                 Assuming I have got that correct, does anyone know
>>>                 an easy way to do this?
>>>
>>>             You can use https://my-profile.eu :)
>>>
>>>             There's a cert generation page
>>>             (https://my-profile.eu/certgen.php) in which you can
>>>             specify an email address to be added along your WebID URI.
>>>
>>>             Andrei
>>>
>>>
>>>
>>>         Trouble is that Melvin wants to complete the process by hand :-)
>>>
>>>
>>>     I don't necessarily need to do this by hand.
>>>
>>
>>     If you don't need to do it by hand then you have existing
>>     services in place to help you. Andrei pointed you to
>>     my-profile.eu (which you are familiar with) and you can also
>>     use the service at: http://id.myopenlink.net/certgen .
>>
>>>     But I'd like to keep my existing cert just ADD the email on top
>>>     of my http: URI.
>>
>>     You mean you want to keep your existing WebID since you can't
>>     patch a generated cert.
>>
>>>
>>>     Reason is that I have the same key for a long time and it's also
>>>     my GPG key, SSH, etc.
>>
>>     You can have multiple keys in the SAN of certificates that we
>>     produce. Or even simpler, cross reference your URIs in your
>>     profile graphs via owl:sameAs.
>>
>>
>> OK, I've managed to create a special cert for email only with the same key.
>>
>> What should be the EXACT SAN for signing email?
>>
>> I have:
>>
>> URI: http://melvincarvalho.com/#me, mailto:melvincarvalho@gmail.com
>>
>> But it's still not working yet ...
>
>
>
>
>>
>>
>>>
>>>         -- 
>>>
>>>         Regards,
>>>
>>>         Kingsley Idehen
>>>         Founder & CEO
>>>         OpenLink Software
>>>         Company Web: http://www.openlinksw.com
>>>         Personal Weblog: http://www.openlinksw.com/blog/~kidehen
>>>         Twitter/Identi.ca handle: @kidehen
>>>         Google+ Profile:
>>>         https://plus.google.com/112399767740508618350/about
>>>         LinkedIn Profile: http://www.linkedin.com/in/kidehen
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>
>>
>>
>
> Social Web Architect
> http://bblfish.net/
>


-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Received on Wednesday, 14 November 2012 17:40:54 UTC
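
An added example, not part of the original thread or any participant's code: it issues a throwaway self-signed certificate with a given SAN layout, re-parses it, and returns the rfc822Name entries, which is the SAN type S/MIME agents compare against the sender address (RFC 5750). It shows that an address written as a `mailto:` URI entry, as in the SAN quoted in the thread, is stored as a URI and not as an rfc822Name. The helper name `rfc822Names`, the Ed25519 stand-in key, and the `example.org` values are constructed assumptions; the thread does not say whether this was the cause of the reported problem.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// rfc822Names issues a self-signed cert whose SAN holds uris as URI entries and
// emails as rfc822Name entries, then returns the rfc822Names found on re-parse.
func rfc822Names(uris, emails []string) ([]string, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // throwaway stand-in key
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:   big.NewInt(1),
		Subject:        pkix.Name{CommonName: "WebID S/MIME example"},
		NotBefore:      time.Now().Add(-time.Hour),
		NotAfter:       time.Now().AddDate(1, 0, 0),
		ExtKeyUsage:    []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
		EmailAddresses: emails,
	}
	for _, u := range uris {
		p, err := url.Parse(u)
		if err != nil {
			return nil, err
		}
		tmpl.URIs = append(tmpl.URIs, p)
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return cert.EmailAddresses, nil
}

func main() {
	fmt.Println(rfc822Names([]string{"http://example.org/card#me", "mailto:alice@example.org"}, nil))
	fmt.Println(rfc822Names([]string{"http://example.org/card#me"}, []string{"alice@example.org"}))
}
```

The first call yields no rfc822Name at all; the second yields the address alongside the WebID URI, and also sets the emailProtection extended key usage.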