Re: Certificate Expiry

The notion of self-signed WebID certificates (securely) expiring is 
invalid and quite easily misunderstood. There are no assurances for 
start/end dates (or any other properties, eg. WebID URI!) within the 
certificate itself.

This is precisely why we resolve the WebID URI: to check if the claims in 
the certificate are true. We could also check the URI/LD to see if dates 
match, but we don't currently have schema for that, and why bother?

Remove the "expired" certificate's public key from your FOAF/LinkedData if 
you want to deactivate it. Otherwise,

re-self-sign:
https://gist.github.com/1653329

You won't need to update your FOAF/LD as your Public Key will not change.


On Wed, 25 Jan 2012, Mischa Tuffield wrote:
> Mischa *needs to generate a new cert I guess $todoList++.

Received on Thursday, 26 January 2012 07:36:49 UTC