Re: Signed Email WebID

On 7/17/12 3:34 AM, Jürgen Jakobitsch wrote:
> hi,
>
> tried again and worked fine,
> note to self [1].
>
> tried to send signed email for others to check
> from office@turnguard.com, but something else
> went wrong and mail didn't get delivered.
>
> need to set up this email address in another client
> (currently : zimbra collaboration suite), then
> will send signed mails only... yeah!

Great!

>
> arigato turnguard
>
> [1] http://1.bp.blogspot.com/_rU308YJ3usM/SvH9v7viroI/AAAAAAAABHY/FaHuC3Fg-o0/s400/ReadingisSexy.jpg

LOL

Kingsley
>
> ----- Original Message -----
> From: "Kingsley Idehen" <kidehen@openlinksw.com>
> To: "Jürgen Jakobitsch" <j.jakobitsch@semantic-web.at>
> Cc: public-rww@w3.org
> Sent: Monday, July 16, 2012 11:01:24 PM
> Subject: Re: Signed Email WebID
>
> On 7/16/12 4:09 PM, Jürgen Jakobitsch wrote:
>> ok,
>>
>> i think sending signed email is not really the problem,
>> i think every one of us should manage to get this done.
>>
>> however, at least for me the problem is :
>>
>> how can i (as a normal user) create a certificate that is trusted
>> by a common ca authority with a webID.
> You need to add the CA certificate of the cert issuer to your email
> client's trust chain. I am really keen to simplify this effort, so if you
> could try to set this up based on my instructions it will ultimately
> help me make the guide clearer.
>
> YouID publishes its cert (which includes its public key) so that you can
> import it into the trust chain of your email client. You must do this
> for it to work.
>
> If not using YouID, but generating the cert yourself, then you have to
> do the same thing:
>
> 1. make a self signed cert
> 2. add the cert to your email client's trust chain -- where it stores
> other CA certs
> 3. import the same cert into the persona/user certs store.
>
> The client has to be able to validate the signature of your personal
> self-signed cert. Hence the steps above since most of these clients
> don't understand the dimensional implications of self-signed
> certificates etc.
>
>> or the other way round : i have a valid (from a ca authority) certificate
>> how do i get a webID in there..
> You use a service like YouID which has an option for you to make a self
> signed or CA signed cert. I suspect you didn't look at the option for
> OpenLink Local CA when using YouID.
>
> Basically, the Cert. generation service provider has to acquire a cert.
> signing certificate, which is what we've done.
>
>> the problem comes to light, when you sign your emails with a certificate
>> created with any of the webID generators and most clients
>> will say that this signature is not valid.
> Yes, I've been through this nightmare already, and I just need folks
> like you to test my guides so I can fix whatever isn't explained properly.
>
>> i only have evolution and thunderbird at hand, but i assume the outlook and co. will also complain.
> Please test my guide with Thunderbird. I've also written guides for
> others modulo evolution (which I don't use).
>> i'd really like to sign my mails and have absolutely no problem with it, but
>> i'm not gonna do it, when i must assume that 90% of the recipients see some sort
>> of warning, that i'm sending untrusted mails...
> We'll cross that bridge once you are able to configure and send signed
> emails. There's a way around that problem too, via social re-engineering
> based on some "in your face" benefits of signed mails with certs.
> bearing WebID watermarks  :-)
>
> Kingsley
>
>
>> wkr j
>>
>> ----- Original Message -----
>> From: "Kingsley Idehen" <kidehen@openlinksw.com>
>> To: public-rww@w3.org
>> Sent: Monday, July 16, 2012 9:50:28 PM
>> Subject: Re: Signed Email WebID
>>
>> On 7/16/12 3:44 PM, Henry Story wrote:
>>> On 16 Jul 2012, at 19:35, Jürgen Jakobitsch wrote:
>>>
>>>> hi,
>>>> thanks for input...
>>>>
>>>> just had a try with a cert created at my-profile..
>>>>
>>>> when opening an email, signed with said cert, there's a big red bar
>>>> at the bottom of evolution with a broken cert icon.
>>>> when i click on it, it says
>>>>
>>> Could be because my-profile needs to enable some of the magic x509 things, such
>>> as e-mail signing options.
>> Henry,
>>
>> You should configure your mail client of choice such that you can send
>> signed emails. This exercise is crucial to WebID bootstrap, no matter
>> how you look at it. Thus, I encourage you to start sending signed emails
>> based on certs. with WebID watermarks :-)
>>
>> Kingsley
>>>> Signer: SWC Juergen Jakobitsch <<unknown>>: Signing certificate not trusted
>>>>
>>>>
>>>> hm... turnguard
>>>>
>>>>
>>>> ----- Original Message -----
>>>> From: "Henry Story" <henry.story@bblfish.net>
>>>> To: "Jürgen Jakobitsch" <j.jakobitsch@semantic-web.at>
>>>> Cc: public-rww@w3.org
>>>> Sent: Monday, July 16, 2012 7:21:50 PM
>>>> Subject: Re: Signed Email WebID
>>>>
>>>>
>>>> On 16 Jul 2012, at 19:15, Jürgen Jakobitsch wrote:
>>>>
>>>>> hi,
>>>>>
>>>>> concerning kingsley's last mail.
>>>>>
>>>>> i stopped signing my mail, because i didn't figure out
>>>>> how to create a NOT-self-signed certificate with a webID.
>>>>>
>>>>> gnome evolution and thunderbird showed them as broken
>>>>> and i didn't want to scare people.
>>>>>
>>>>> is there a standard way of creating a NOT-self-signed  certificate
>>>>> with a webID, without installing heaven and hell?
>>>> Well I think if you make one on my-profile.eu, you get a not self signed
>>>> certificate. Any system that uses keygen will tend to create non-self signed
>>>> certs...
>>>>
>>>> Henry
>>>>
>>>>
>>>>> any pointer really appreciated.
>>>>>
>>>>> wkr turnguard
>>>>>
>>>>> --
>>>>> | Jürgen Jakobitsch,
>>>>> | Software Developer
>>>>> | Semantic Web Company GmbH
>>>>> | Mariahilfer Straße 70 / Neubaugasse 1, Top 8
>>>>> | A - 1070 Wien, Austria
>>>>> | Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22
>>>>>
>>>>> COMPANY INFORMATION
>>>>> | web       : http://www.semantic-web.at/
>>>>> | foaf      : http://company.semantic-web.at/person/juergen_jakobitsch
>>>>> PERSONAL INFORMATION
>>>>> | web       : http://www.turnguard.com
>>>>> | foaf      : http://www.turnguard.com/turnguard
>>>>> | g+        : https://plus.google.com/111233759991616358206/posts
>>>>> | skype     : jakobitsch-punkt
>>>>> | xmlns:tg  = "http://www.turnguard.com/turnguard#"
>>>>>
>>>> Social Web Architect
>>>> http://bblfish.net/
>>>>
>>>>
>>>>
>>> Social Web Architect
>>> http://bblfish.net/
>>>
>>>
>>>
>>>
>


-- 

Regards,

Kingsley Idehen 
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Received on Tuesday, 17 July 2012 10:51:22 UTC
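
The three steps listed in the thread (make a self-signed cert, add it to the trust chain, use it as the personal signing cert) and the "Signing certificate not trusted" result can be reproduced with the openssl CLI. This is an added example, not part of the original messages; the name, address and WebID URI are constructed, and openssl's verifier stands in for the mail client's certificate store.

```shell
#!/bin/sh
# Added example: constructed name, address and WebID URI.
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
WEBID="https://example.org/people/alice"   # hypothetical WebID
EMAIL="alice@example.org"                  # hypothetical address

# Step 1: self-signed cert with the WebID as a URI subjectAltName and the
# emailProtection EKU that S/MIME verifiers look for. The cert is its own
# issuer, hence CA:TRUE and keyCertSign next to digitalSignature.
# (A '#' in the URI would have to be written \# in an OpenSSL config file.)
make_cert() {
  cat > "$WORK/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = Alice Example
emailAddress = $EMAIL
[ext]
basicConstraints = CA:TRUE
keyUsage = digitalSignature, keyCertSign
extendedKeyUsage = emailProtection
subjectAltName = URI:$WEBID, email:$EMAIL
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$WORK/req.cnf" \
    -keyout "$WORK/key.pem" -out "$WORK/cert.pem" 2>/dev/null
}

# Print the WebID URI embedded in the certificate.
cert_webid() {
  openssl x509 -in "$WORK/cert.pem" -noout -text | grep -o 'URI:[^,]*'
}

# Sign a constructed message as S/MIME with the new cert and key.
sign_mail() {
  printf 'Signed with a WebID certificate.\n' > "$WORK/msg.txt"
  openssl smime -sign -text -in "$WORK/msg.txt" -signer "$WORK/cert.pem" \
    -inkey "$WORK/key.pem" -out "$WORK/signed.eml" 2>/dev/null
}

# Verify the message; optional $1 is a trust-anchor file (step 2 in the thread).
verify_mail() {
  openssl smime -verify -in "$WORK/signed.eml" ${1:+-CAfile "$1"} >/dev/null 2>&1
}

make_cert && sign_mail && cert_webid
verify_mail && echo "trusted" || echo "not trusted: cert is not in the trust store"
verify_mail "$WORK/cert.pem" && echo "trusted once the cert is added as an anchor"
```

The first verification fails for the same reason the mail clients in the thread complain: the signature is cryptographically fine, but nothing in the verifier's trust store vouches for the signing certificate.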