Re: Getting Serious about WebID Bootstrap

On 9/30/12 2:54 AM, David Chadwick wrote:
> Hi Bart
>
> I was not able to validate your certificate with Thunderbird. The 
> certificate issuer (O=netage) is not trusted. Also there was no self 
> signed CA certificate displayed to me by Thunderbird, so I cannot tell 
> whether you included this in your certificate chain or not. I suspect 
> not.
>
> After exporting your cert to a file, it was not possible to import it 
> into either Thunderbird or Firefox as the signer is unknown and 
> untrusted. So I am not able to validate your signed message.

The problem here is that Thunderbird is just another example of a tool with 
poor UX. It is still hardwired to the flawed and centralized CA (cert. 
authority) network. A modern UX will let the user decide if they want to 
trust an identity or not. This is what you see on iOS, for instance. 
Ditto if using Mac Mail.

Back to WebID and Thunderbird, even if you have a "?" (or some other UI 
cue that warns you about the sender's cert.) the real value lies in being 
able to view the (artificially questionable) certificate en route to 
locating the WebID embedded in the SAN (Subject Alternative Name) slot. 
Once you locate the WebID (which is just a Personal de-referenceable URI) 
simply cut and paste to your browser and the full effect manifests :-)

Kingsley
>
> regards
>
> David
>
>
>
> On 29/09/2012 09:43, Bart van Leeuwen wrote:
>> Hi Kingsley,
>>
>> You are right! We need to start using it ourselves as well!
>>
>> I'm sending this message with Lotus Notes 8.5 and signed it with my
>> WebID certificate.
>>
>> The only 'issue' I had was that the WebID certificate should include a
>> certification chain. I used XCA on Linux to create a self-signed CA and
>> then created a WebID certificate with that.
>> Exported the certificate as PKCS#12 format with keychain and used the
>> following guide to import it.
>>
>> http://www.oreillynet.com/sysadmin/blog/2005/08/sending_smime_encryptedsigned.html 
>>
>>
>>
>> Met Vriendelijke Groet / With Kind Regards
>> Bart van Leeuwen
>> @semanticfire
>>
>> ##############################################################
>> # netage.nl
>> # http://netage.nl <http://netage.nl/>
>> # Enschedepad 76
>> # 1324 GJ Almere
>> # The Netherlands
>> # tel. +31(0)36-5347479
>> ##############################################################
>>
>>
>>
>> From: Kingsley Idehen <kidehen@openlinksw.com>
>> To: "public-rww@w3.org" <public-rww@w3.org>, WebID XG
>> <public-xg-webid@w3.org>,
>> Date: 28-09-2012 13:37
>> Subject: Getting Serious about WebID Bootstrap
>> ------------------------------------------------------------------------
>>
>>
>>
>> All,
>>
>> Bootstrapping anything on the Web requires technology implementers to use
>> (dog-food) whatever technology they seek to promote to others. Thus, I
>> would like to encourage every participant in the RWW and WebID community
>> groups to make a best-effort to start signing emails, moving forward.
>>
>> Naturally, these emails should be signed using a WebID watermarked
>> X.509 certificate. Certificate generation choices include:
>>
>> 1. Native generators that come with your desktop OS -- Mac OS X,
>> Windows, and Linux all include such a utility
>> 2. Certificate generators from WebID IdPs -- I have a list here:
>> http://delicious.com/kidehen/webid+webid_idp (ping me if you have a
>> generator that's unlisted).
>>
>> Over the last year or so, I've written a number of how-to guides [1]
>> covering how to sign emails across all the major native email clients.
>>
>> Once again, if we don't sign our emails we lose a simple opportunity to
>> showcase the utility of WebIDs and the WebID authentication protocol.
>> Being able to follow-your-nose from a WebID that watermarks an email
>> sender's certificate is a very simple utility showcase for both WebID and
>> Linked Data.
>>
>> We can do this!
>>
>> Links:
>>
>> 1. http://bit.ly/VTnxzz -- collection of G+ hosted howtos (for all the
>> major native email clients) covering how to digitally sign emails.
>>
>> -- 
>>
>> Regards,
>>
>> Kingsley Idehen
>> Founder & CEO
>> OpenLink Software
>> Company Web: http://www.openlinksw.com <http://www.openlinksw.com/>
>> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
>> Twitter/Identi.ca handle: @kidehen
>> Google+ Profile: https://plus.google.com/112399767740508618350/about
>> LinkedIn Profile: http://www.linkedin.com/in/kidehen
>>
>>
>>
>>
>>
>>
>
>
>


-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Received on Sunday, 30 September 2012 17:20:41 UTC
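
The step described in the reply above (opening the sender's certificate and locating the WebID in the Subject Alternative Name slot) can be done without a mail client. The following is an added example, not code from this thread or from any WebID project: a standard-library DER walk that returns the URI entries of the subjectAltName extension. The function names and the example.org sample are assumptions, and the code only extracts the claimed URI; it performs no signature or chain validation.

```python
SAN_OID = bytes.fromhex("551d11")            # 2.5.29.17 subjectAltName

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value) for each element packed inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def san_uris(der):
    """Return every URI (candidate WebID) found in subjectAltName extensions."""
    found = []
    def walk(value):
        items = list(children(value))
        # Extension ::= SEQUENCE { OID, [critical BOOLEAN], OCTET STRING }
        if items and items[0] == (0x06, SAN_OID) and items[-1][0] == 0x04:
            _, names, _ = read_tlv(items[-1][1], 0)   # GeneralNames SEQUENCE
            found.extend(v.decode("ascii") for t, v in children(names)
                         if t == 0x86)       # [6] uniformResourceIdentifier
            return
        for tag, val in items:
            if tag & 0x20:                   # constructed element: descend
                walk(val)
    walk(der)
    return found

def tlv(tag, value):
    """DER-encode one element (lengths < 256); used only to build the sample."""
    n = len(value)
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x81, n])) + value

def sample_extensions():
    """Constructed sample: the [3] extensions block of a certificate, holding a
    keyUsage extension and a SAN with an e-mail address and a URI."""
    names = (tlv(0x81, b"alice@example.org")
             + tlv(0x86, b"https://example.org/people/alice#me"))
    san = tlv(0x30, tlv(0x06, SAN_OID) + tlv(0x04, tlv(0x30, names)))
    key_usage = tlv(0x30, tlv(0x06, bytes.fromhex("551d0f")) + tlv(0x01, b"\xff")
                    + tlv(0x04, tlv(0x03, b"\x07\x80")))
    return tlv(0xA3, tlv(0x30, key_usage + san))
```

For a real certificate, pass the whole DER encoding to `san_uris`; a PEM file can be converted first with `ssl.PEM_cert_to_DER_cert`.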