Re: Certificate Expiry

Le 26 janv. 2012 à 08:33, Joe Presbrey a écrit :

> The notion of self-signed WebID certificates (securely) expiring is invalid and quite easily misunderstood. There are no assurances for start/end dates (or any other properties, eg. WebID URI!) within the certificate itself.
> 
> This is precisely why we resolve the WebID URI: to check if the claims in the certificate are true. We could also check the URI/LD to see if dates match, but we don't currently have schema for that, and why bother?

Joe,

A "WebID provider" , a repository for many webID could use that to decide to stop serving these public keys.
In a relation between a person and his WebID provider (because he does not host his WebID himself), it's a way to invite the person to come and re-sign again, perhaps checking his identity.


> Remove the "expired" certificate's public key from your FOAF/LinkedData if you want to deactivate it. Otherwise,
> 
> re-self-sign:
> https://gist.github.com/1653329
> 
> You won't need to update your FOAF/LD as your Public Key will not change.
> 
> 
> On Wed, 25 Jan 2012, Mischa Tuffield wrote:
>> Mischa *needs to generate a new cert I guess $todoList++.
> 
> 

--
Dominique Guardiola, QUINODE
• http://www.quinode.fr/
• Tel : 04.27.86.84.37
• Mob : 06.15.13.22.27

Received on Thursday, 26 January 2012 09:42:27 UTC