- From: David Chadwick <d.w.chadwick@kent.ac.uk>
- Date: Mon, 01 Oct 2012 12:52:53 +0100
- To: Kingsley Idehen <kidehen@openlinksw.com>
- CC: public-xg-webid@w3.org
Hi Kingsley On 30/09/2012 18:20, Kingsley Idehen wrote: > On 9/30/12 2:54 AM, David Chadwick wrote: >> Hi Bart >> >> I was not able to validate your certificate with Thunderbird. The >> certificate issuer (O=netage) is not trusted. Also there was no self >> signed CA certificate displayed to me by Thunderbird, so I cannot tell >> whether you included this in your certificate chain or not. I suspect >> not. >> >> After exporting your cert to a file, it was not possible to import it >> into either Thunderbird or Firefox as the signer is unknown and >> untrusted. So I am not able to validate your signed message > > The problem here is that Thunderbird just another example of a tool with > poor UX. It is still hardwired to the flaw and centralized CA (cert. > authority) network. A modern UX will let the user decide if they want to > trust an identity or not. This is what you see on iOS, for instance. > Ditto if using Mac Mail. > > Back to WebID and Thunderbird, even if you have a "?" (or some other UI Worse than that, its a big red cross X > cue that warns you about the senders cert.) the real value lies in being > able to view the (artificially questionable) certificate en route to > locating the WebID embedded in the SAN (Subject Alternative Name) slot. > Once you locate the WebID (which is just a Personal de-referencable URI) > simply cut and paste to your browser and the full effect manifests :-) But you are correct. Cutting and pasting the SAN URL into a browser does bring up everything about your web id regards David > > Kingsley >> >> regards >> >> David >> >> >> >> On 29/09/2012 09:43, Bart van Leeuwen wrote: >>> Hi Kingsley, >>> >>> You are right ! we need to start using it ourselves as well ! >>> >>> I'm sending this message with Lotus Notes 8.5 and signed it with my >>> WebID certificate. >>> >>> The only 'issue' I had was that the webid certificate should include a >>> certification chain, I used XCA on linux to create a selfsigned CA and >>> then created a WebID certificate with that. >>> Exported the certificate as PKCS#12 format with keychaing and used the >>> following guide to import it. >>> >>> http://www.oreillynet.com/sysadmin/blog/2005/08/sending_smime_encryptedsigned.html >>> >>> >>> >>> Met Vriendelijke Groet / With Kind Regards >>> Bart van Leeuwen >>> @semanticfire >>> >>> ############################################################## >>> # netage.nl >>> # http://netage.nl <http://netage.nl/> >>> # Enschedepad 76 >>> # 1324 GJ Almere >>> # The Netherlands >>> # tel. +31(0)36-5347479 >>> ############################################################## >>> >>> >>> >>> From: Kingsley Idehen <kidehen@openlinksw.com> >>> To: "public-rww@w3.org" <public-rww@w3.org>, WebID XG >>> <public-xg-webid@w3.org>, >>> Date: 28-09-2012 13:37 >>> Subject: Getting Serious about WebID Bootstrap >>> ------------------------------------------------------------------------ >>> >>> >>> >>> All, >>> >>> Bootstrapping anything on the Web requires technology implementer to use >>> (dog-food) whatever technology they seek to promote to others. Thus, I >>> would like to encourage every participant in the RWW and WebID community >>> groups to make a best-effort to start signing emails, moving forward. >>> >>> Naturally, these emails should be signed using an WebID watermarked >>> X.509 certificate. Certificate generation choices include: >>> >>> 1. Native generators that come with your desktop OS -- Mac OS X, >>> Windows, and Linux all include such a utility >>> 2. Certificate generators from WebID IdPs -- I have a list here: >>> http://delicious.com/kidehen/webid+webid_idp(ping me if you have a >>> generator that's unlisted) . >>> >>> Over the last year or so, I've written a number of how-to guides [1] >>> covering how to sign emails across all the major native email clients. >>> >>> Once again, if we don't sign our emails we loose a simple opportunity to >>> showcase the utility of WebIDs and the WebID authentication protocol. >>> Being able to follow-your-nose from a WebID that watermarks an email >>> senders certificate is a very simple utility showcase for both WebID and >>> Linked Data. >>> >>> We can do this! >>> >>> Links: >>> >>> 1. http://bit.ly/VTnxzz-- collection of G+ hosted howtos (for all the >>> major native email clients) covering how to digitally sign emails . >>> >>> -- >>> >>> Regards, >>> >>> Kingsley Idehen >>> Founder & CEO >>> OpenLink Software >>> Company Web: http://www.openlinksw.com <http://www.openlinksw.com/> >>> Personal Weblog: http://www.openlinksw.com/blog/~kidehen >>> Twitter/Identi.ca handle: @kidehen >>> Google+ Profile: https://plus.google.com/112399767740508618350/about >>> LinkedIn Profile: http://www.linkedin.com/in/kidehen >>> >>> >>> >>> >>> >>> >> >> >> > >
Received on Monday, 1 October 2012 11:53:23 UTC