Re: WebID and Signed Emails

On 4 Nov 2010, at 23:32, Kingsley Idehen wrote:

> On 11/4/10 6:48 PM, Melvin Carvalho wrote:
>> On 4 November 2010 23:24, Kingsley Idehen<kidehen@openlinksw.com>  wrote:
>>> On 11/4/10 5:09 PM, Mischa Tuffield wrote:
>>> 
>>> Drawing an analogy, this email is signed, I am not signed, the email has a
>>> uri identifying the person which sent, and they are quite different.
>>> 
>>> Cheers,
>>> 
>>> Mischa *2 [cents|pence] worth
>>> 
>>>> Best,
>>>> 
>>>> Nathan
>>>> 
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG/MacGPG2 v2.0.12 (Darwin)
>>> 
>>> iQIcBAEBAgAGBQJM0yETAAoJEJ7QsE5R8vfvsQoQALCxpsT7wfjSHLIiYsHCuf/8
>>> KSXHqMMUBiHNJyc8asFyfA9+CGMOM3r3b/kmF5KNPmg49RB9bon5Jlb5fiCvBr5J
>>> TXYk+5s7iFpLENzhWhDJhCpIX8ZC/HBXDJ/Vpkjijesa3W+5dL/G+4RHYXCpUTi1
>>> Rwc6FA57pZTb1NnKgmEdK6jCO4sZBhdkyCKaWwlvK1zig07XdP1/CVmblGWpaSuc
>>> oXJZ9cUf0gKnwI4NDO7B/PjgvfMH7/8pWVPx56f68rk/fnXaOB0aWbxCwuIuDeL/
>>> obzLU1i7oxjnKD4TMdH+bULJAnZvndyLWPRJBorhfJQqfnvV9xAJGTWAWxf4G5Xh
>>> r5iHA5FsLIw1GFBuMhWHVsFXtuDhCXrXzWxOTlSPGx43/bIZtXeQbTXcbUvI5zGU
>>> RAU6etCOFuCEo46H+i0T5yJfUz0OhwjYNBSIqIZq/FDpt9rkCKNavXIhRmazKCoI
>>> l7Lh5zouk9UH+wuKfE4Z0yAbXDTgobmbqcZzKzBXgzx9B8haYuCEKXcbmBbWIt2h
>>> +p2OkAEBfngZZMtz2Wi5WQWE/dgv0cPjX19y9sHcXpaop6i9kFArQeCuYb/p+6fr
>>> G1FnjZYTOKWex9eQd88oxzlisFafyU8cgTX2VxEdiH6Ko7yD1wdhyAw8KYegEnL+
>>> 4O+cZmx+6w0HQNwM2T5D
>>> =Q5HZ
>>> -----END PGP SIGNATURE-----
>>> 
>>> 
>>> Misca,
>>> 
>>> Nice of you to bring this up, I've changed topic heading accordingly.
>>> 
>>> Now imagine if your signature also included your WebID. Then my email client
>>> would verify your mails using the WebID protocol :-)
>>> 
>>> Another example of the power of Linked Data!
>> Do you even need your WebID in your signature?

Nah, don't think it is needed ...

> 
> No, not really. Got wires a little crossed, too much multi tasking today, even by my standards :-)
> 
> I should be able to verify the sender of the a signed email by verifying the public key in my possession which boils down to S/MIME + WebID tweak. Thus, removing CA dependency by allowing self-signed certs.
>> What if your WebID pointed to your PGP credentials?
> 
> That too, and will ultimately be on of the options, I suspect.

I have that stated in my foaf file [1], using the WOT ontology [2], stating that my WebID [3] is the identity of my PGP credentials. 

[1] http://mmt.me.uk/foaf.rdf
[2] http://xmlns.com/wot/0.1/ 
[3] http://mmt.me.uk/foaf.rdf#mischa 

Best, 

Mischa

> 
> 
> Kingsley
>>> --
>>> 
>>> Regards,
>>> 
>>> Kingsley Idehen	
>>> President&  CEO
>>> OpenLink Software
>>> Web: http://www.openlinksw.com
>>> Weblog: http://www.openlinksw.com/blog/~kidehen
>>> Twitter/Identi.ca: kidehen
>>> 
>>> 
>>> 
>>> 
>>> 
>> 
> 
> 
> -- 
> 
> Regards,
> 
> Kingsley Idehen	
> President&  CEO
> OpenLink Software
> Web: http://www.openlinksw.com
> Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca: kidehen
> 
> 
> 
> 
> 
> 

Received on Friday, 5 November 2010 11:49:54 UTC