
Re: Getting Serious about WebID Bootstrap

From: David Chadwick <d.w.chadwick@kent.ac.uk>
Date: Mon, 01 Oct 2012 12:52:53 +0100
Message-ID: <50698415.6080705@kent.ac.uk>
To: Kingsley Idehen <kidehen@openlinksw.com>
CC: public-xg-webid@w3.org
Hi Kingsley

On 30/09/2012 18:20, Kingsley Idehen wrote:
> On 9/30/12 2:54 AM, David Chadwick wrote:
>> Hi Bart
>>
>> I was not able to validate your certificate with Thunderbird. The
>> certificate issuer (O=netage) is not trusted. Also there was no self
>> signed CA certificate displayed to me by Thunderbird, so I cannot tell
>> whether you included this in your certificate chain or not. I suspect
>> not.
>>
>> After exporting your cert to a file, it was not possible to import it
>> into either Thunderbird or Firefox as the signer is unknown and
>> untrusted. So I am not able to validate your signed message
>
> The problem here is that Thunderbird is just another example of a tool with
> poor UX. It is still hardwired to the flawed and centralized CA (cert.
> authority) network. A modern UX will let the user decide if they want to
> trust an identity or not. This is what you see on iOS, for instance.
> Ditto if using Mac Mail.
>
> Back to WebID and Thunderbird, even if you have a "?" (or some other UI

Worse than that, it's a big red cross X

> cue that warns you about the sender's cert.) the real value lies in being
> able to view the (artificially questionable) certificate en route to
> locating the WebID embedded in the SAN (Subject Alternative Name) slot.
> Once you locate the WebID (which is just a Personal de-referenceable URI)
> simply cut and paste to your browser and the full effect manifests :-)

But you are correct. Cutting and pasting the SAN URL into a browser does 
bring up everything about your web id

regards

David

>
> Kingsley
>>
>> regards
>>
>> David
>>
>>
>>
>> On 29/09/2012 09:43, Bart van Leeuwen wrote:
>>> Hi Kingsley,
>>>
>>> You are right! We need to start using it ourselves as well!
>>>
>>> I'm sending this message with Lotus Notes 8.5 and signed it with my
>>> WebID certificate.
>>>
>>> The only 'issue' I had was that the WebID certificate should include a
>>> certification chain, I used XCA on Linux to create a self-signed CA and
>>> then created a WebID certificate with that.
>>> Exported the certificate as PKCS#12 format with keychain and used the
>>> following guide to import it.
>>>
>>> http://www.oreillynet.com/sysadmin/blog/2005/08/sending_smime_encryptedsigned.html
>>>
>>>
>>>
>>> Met Vriendelijke Groet / With Kind Regards
>>> Bart van Leeuwen
>>> @semanticfire
>>>
>>> ##############################################################
>>> # netage.nl
>>> # http://netage.nl <http://netage.nl/>
>>> # Enschedepad 76
>>> # 1324 GJ Almere
>>> # The Netherlands
>>> # tel. +31(0)36-5347479
>>> ##############################################################
>>>
>>>
>>>
>>> From: Kingsley Idehen <kidehen@openlinksw.com>
>>> To: "public-rww@w3.org" <public-rww@w3.org>, WebID XG
>>> <public-xg-webid@w3.org>,
>>> Date: 28-09-2012 13:37
>>> Subject: Getting Serious about WebID Bootstrap
>>> ------------------------------------------------------------------------
>>>
>>>
>>>
>>> All,
>>>
>>> Bootstrapping anything on the Web requires technology implementers to use
>>> (dog-food) whatever technology they seek to promote to others. Thus, I
>>> would like to encourage every participant in the RWW and WebID community
>>> groups to make a best-effort to start signing emails, moving forward.
>>>
>>> Naturally, these emails should be signed using a WebID watermarked
>>> X.509 certificate. Certificate generation choices include:
>>>
>>> 1. Native generators that come with your desktop OS -- Mac OS X,
>>> Windows, and Linux all include such a utility
>>> 2. Certificate generators from WebID IdPs -- I have a list here:
>>> http://delicious.com/kidehen/webid+webid_idp (ping me if you have a
>>> generator that's unlisted).
>>>
>>> Over the last year or so, I've written a number of how-to guides [1]
>>> covering how to sign emails across all the major native email clients.
>>>
>>> Once again, if we don't sign our emails we lose a simple opportunity to
>>> showcase the utility of WebIDs and the WebID authentication protocol.
>>> Being able to follow-your-nose from a WebID that watermarks an email
>>> sender's certificate is a very simple utility showcase for both WebID and
>>> Linked Data.
>>>
>>> We can do this!
>>>
>>> Links:
>>>
>>> 1. http://bit.ly/VTnxzz -- collection of G+ hosted howtos (for all the
>>> major native email clients) covering how to digitally sign emails.
>>>
>>> --
>>>
>>> Regards,
>>>
>>> Kingsley Idehen
>>> Founder & CEO
>>> OpenLink Software
>>> Company Web: http://www.openlinksw.com <http://www.openlinksw.com/>
>>> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
>>> Twitter/Identi.ca handle: @kidehen
>>> Google+ Profile: https://plus.google.com/112399767740508618350/about
>>> LinkedIn Profile: http://www.linkedin.com/in/kidehen
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>
>
Received on Monday, 1 October 2012 11:53:23 UTC
