- From: Jürgen Jakobitsch <j.jakobitsch@semantic-web.at>
- Date: Tue, 17 Jul 2012 09:34:10 +0200 (CEST)
- To: Kingsley Idehen <kidehen@openlinksw.com>
- Cc: public-rww@w3.org

hi,

tried again and worked fine, note to self [1].

tried to send signed email for others to check from office@turnguard.com,
but something else went wrong and mail didn't get delivered.
need to set up this email address in another client (currently : zimbra collaboration suite),
then will send signed mails only...

yeah!

arigato turnguard

[1] http://1.bp.blogspot.com/_rU308YJ3usM/SvH9v7viroI/AAAAAAAABHY/FaHuC3Fg-o0/s400/ReadingisSexy.jpg

----- Original Message -----
From: "Kingsley Idehen" <kidehen@openlinksw.com>
To: "Jürgen Jakobitsch" <j.jakobitsch@semantic-web.at>
Cc: public-rww@w3.org
Sent: Monday, July 16, 2012 11:01:24 PM
Subject: Re: Signed Email WebID

On 7/16/12 4:09 PM, Jürgen Jakobitsch wrote:
> ok,
>
> i think sending signed email is not really the problem,
> i think every one of us should manage to get this done.
>
> however, at least for me the problem is :
>
> how can i (as a normal user) create a certificate that is trusted
> by a common ca authority with a webID.

You need to add the CA certificate of the cert issuer to your email client's trust chain. I am really keen to simplify this effort, so if you could try to set this up based on my instructions it will ultimately help me make the guide clearer.

YouID publishes its cert (which includes its public key) so that you can import it into the trust chain of your email client. You must do this for it to work.

If not using YouID, but generating the cert yourself, then you have to do the same thing:

1. make a self signed cert
2. add the cert to your email client's trust chain -- where it stores other CA certs
3. import the same cert into the persona/user certs store.

The client has to be able to validate the signature of your personal self-signed cert. Hence the steps above since most of these clients don't understand the dimensional implications of self-signed certificates etc..

>
> or the other way round : i have a valid (from a ca authority) certificate
> how do i get a webID in there..

You use a service like YouID which has an option for you to make a self signed or CA signed cert. I suspect you didn't look at the option for OpenLink Local CA when using YouID.

Basically, the Cert. generation service provider has to acquire a cert. signing certificate, which is what we've done.

>
> the problem comes to light, when you sign your emails with a certificate
> created with any of the webID generators and most clients
> will say that this signature is not valid.

Yes, I've been through this nightmare already, and I just need folks like you to test my guides so I can fix whatever isn't explained properly.

> i only have evolution and thunderbird at hand, but i assume the outlook and co. will also complain.

Please test my guide with Thunderbird. I've also written guides for others modulo evolution (which I don't use).

>
> i'd really like to sign my mails and have absolutely no problem with it, but
> i'm not gonna do it, when i must assume that 90% of the recipients see some sort
> of warning, that i'm sending untrusted mails...

We'll cross that bridge once you are able to configure and send signed emails. There's a way around that problem too, via social re-engineering based on some "in your face" benefits of signed mails with certs. bearing WebID watermarks :-)

Kingsley

>
> wkr j
>
> ----- Original Message -----
> From: "Kingsley Idehen" <kidehen@openlinksw.com>
> To: public-rww@w3.org
> Sent: Monday, July 16, 2012 9:50:28 PM
> Subject: Re: Signed Email WebID
>
> On 7/16/12 3:44 PM, Henry Story wrote:
>> On 16 Jul 2012, at 19:35, Jürgen Jakobitsch wrote:
>>
>>> hi,
>>> thanks for input...
>>>
>>> just had a try with a cert created at my-profile..
>>>
>>> when opening an email, signed with said cert, there's a big red bar
>>> at the bottom of evolution with a broken cert icon.
>>> when i click on it, it says
>>>
>> Could be because my-profile needs to enable some of the magic x509 things, such
>> as e-mail signing options.
> Henry,
>
> You should configure your mail client of choice such that you can send
> signed emails. This exercise is crucial to WebID bootstrap, no matter
> how you look at it. Thus, I encourage you to start sending signed emails
> based on certs. with WebID watermarks :-)
>
> Kingsley
>>> Signer: SWC Juergen Jakobitsch <<unknown>>: Signing certificate not trusted
>>>
>>>
>>> hm... turnguard
>>>
>>>
>>> ----- Original Message -----
>>> From: "Henry Story" <henry.story@bblfish.net>
>>> To: "Jürgen Jakobitsch" <j.jakobitsch@semantic-web.at>
>>> Cc: public-rww@w3.org
>>> Sent: Monday, July 16, 2012 7:21:50 PM
>>> Subject: Re: Signed Email WebID
>>>
>>>
>>> On 16 Jul 2012, at 19:15, Jürgen Jakobitsch wrote:
>>>
>>>> hi,
>>>>
>>>> concerning kingsley's last mail.
>>>>
>>>> i stopped signing my mail, because i didn't figure out
>>>> how to create a NOT-self-signed certificate with a webID.
>>>>
>>>> gnome evolution and thunderbird showed them as broken
>>>> and i didn't want to scare people.
>>>>
>>>> is there a standard way of creating a NOT-self-signed certificate
>>>> with a webID, without installing heaven and hell?
>>> Well I think if you make one on my-profile.eu, you get a not self signed
>>> certificate. Any system that uses keygen will tend to create non-self signed
>>> certs...
>>>
>>> Henry
>>>
>>>
>>>> any pointer really appreciated.
>>>>
>>>> wkr turnguard
>>>>
>>>> --
>>>> | Jürgen Jakobitsch,
>>>> | Software Developer
>>>> | Semantic Web Company GmbH
>>>> | Mariahilfer Straße 70 / Neubaugasse 1, Top 8
>>>> | A - 1070 Wien, Austria
>>>> | Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22
>>>>
>>>> COMPANY INFORMATION
>>>> | web : http://www.semantic-web.at/
>>>> | foaf : http://company.semantic-web.at/person/juergen_jakobitsch
>>>> PERSONAL INFORMATION
>>>> | web : http://www.turnguard.com
>>>> | foaf : http://www.turnguard.com/turnguard
>>>> | g+ : https://plus.google.com/111233759991616358206/posts
>>>> | skype : jakobitsch-punkt
>>>> | xmlns:tg = "http://www.turnguard.com/turnguard#"
>>>>
>>> Social Web Architect
>>> http://bblfish.net/
>>>
>>>
>>>
>>> --
>>> | Jürgen Jakobitsch,
>>> | Software Developer
>>> | Semantic Web Company GmbH
>>> | Mariahilfer Straße 70 / Neubaugasse 1, Top 8
>>> | A - 1070 Wien, Austria
>>> | Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22
>>>
>>> COMPANY INFORMATION
>>> | web : http://www.semantic-web.at/
>>> | foaf : http://company.semantic-web.at/person/juergen_jakobitsch
>>> PERSONAL INFORMATION
>>> | web : http://www.turnguard.com
>>> | foaf : http://www.turnguard.com/turnguard
>>> | g+ : https://plus.google.com/111233759991616358206/posts
>>> | skype : jakobitsch-punkt
>>> | xmlns:tg = "http://www.turnguard.com/turnguard#"
>> Social Web Architect
>> http://bblfish.net/
>>
>>
>>
>>
>

--
Regards,

Kingsley Idehen
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

--
| Jürgen Jakobitsch,
| Software Developer
| Semantic Web Company GmbH
| Mariahilfer Straße 70 / Neubaugasse 1, Top 8
| A - 1070 Wien, Austria
| Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22

COMPANY INFORMATION
| web : http://www.semantic-web.at/
| foaf : http://company.semantic-web.at/person/juergen_jakobitsch
PERSONAL INFORMATION
| web : http://www.turnguard.com
| foaf : http://www.turnguard.com/turnguard
| g+ : https://plus.google.com/111233759991616358206/posts
| skype : jakobitsch-punkt
| xmlns:tg = "http://www.turnguard.com/turnguard#"

Received on Tuesday, 17 July 2012 07:35:11 UTC
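
The trust problem discussed in the thread above, as an added example that is not part of the original messages or any guide they mention: a self-signed S/MIME certificate carrying a WebID URI is rejected until the same certificate is supplied as a trust anchor. It assumes the openssl command-line tool (1.1.1 or later); the WebID, e-mail address and file names are constructed placeholders.

```shell
#!/bin/sh
# WEBID and EMAIL are constructed placeholder values, not taken from the thread.
WEBID='https://example.org/profile#me'
EMAIL='user@example.org'

make_cert() {    # $1 = work dir; writes key.pem and a self-signed cert.pem
  cat > "$1/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = Example WebID User
[ext]
# The cert is its own issuer, so it is marked as a CA allowed to sign certs.
basicConstraints = critical,CA:TRUE
keyUsage = critical,digitalSignature,keyCertSign
extendedKeyUsage = emailProtection
# Quoted: an unquoted '#' in the WebID would start a config comment.
subjectAltName = "URI:$WEBID,email:$EMAIL"
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/req.cnf" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

has_webid() {    # $1 = cert file; true if the WebID URI is in the cert
  openssl x509 -in "$1" -noout -text | grep -F -q "URI:$WEBID"
}

sign_msg() {     # $1 = work dir; writes an S/MIME signed message signed.eml
  printf 'test message signed with a WebID cert\n' > "$1/msg.txt"
  openssl smime -sign -in "$1/msg.txt" -signer "$1/cert.pem" \
    -inkey "$1/key.pem" -out "$1/signed.eml" 2>/dev/null
}

verify_msg() {   # $1 = work dir, $2 = optional PEM file of trusted certs
  if [ -n "$2" ]; then
    openssl smime -verify -in "$1/signed.eml" -CAfile "$2" -out /dev/null 2>/dev/null
  else   # only the system default trust store, like a freshly set up client
    openssl smime -verify -in "$1/signed.eml" -out /dev/null 2>/dev/null
  fi
}

dir=$(mktemp -d)
make_cert "$dir" && sign_msg "$dir"
has_webid "$dir/cert.pem" && echo "WebID URI present in subjectAltName"
verify_msg "$dir" || echo "default trust store: signing certificate not trusted"
verify_msg "$dir" "$dir/cert.pem" && echo "cert added as trust anchor: signature valid"
rm -rf "$dir"
```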