Re: Certificate Expiry (summary)

On 26 Jan 2012, at 19:12, Kingsley Idehen wrote:

> On 1/26/12 12:08 PM, Joe Presbrey wrote:
>> Hi all,
>> 
>> I caught up with Henry in a quick chat earlier about this and will let
>> you know a quick summary. Of course we all agree on extending the
>> trust network via URIs, resolving, issues and signers, cosigners,
>> freedom and liberty boxes, server clients, etc. all day long. In
>> addition:
>> 
>> 1) we should distinguish old keys from current keys with status,
>> issuer, date, and/or other properties of the key in our profiles
> 
> Okay, so do we tweak the Cert. Ontology accordingly? Or make an adjunct
> Assurance Ontology?

I don't see a problem adding a few notBefore/notAfter relations to the
cert ontology. We would want to state somehow that the relation between
the user and the public key as being one of identification was only valid
for a certain amount of time.

What I am wondering is if that would make a difference to your argument
outlined in the thread. If someone were to use a certificate with a WebID
that was backed up by a Profile whose key was described as being
expired, would not the argument you had outlined in the thread still
hold? I.e., that this is an issue with authorisation and not
authentication?

>> 
>> 2) expired self-signed WebIDs should not "go out with the trash", if a
>> hacker finds it, they can pretend they are you unless (1)
>> 
>> 3) we should regard x509 properties in addition to (1) while WebID is
>> delivered via x509, but prefer LD mechanisms to be compatible with
>> other containers and transports
> 
> Yes.
> 
> Kingsley
> 
>> 
>> Best,
>> 
>> --
>> Joe Presbrey
>> 
>> 
>> On Thu, Jan 26, 2012 at 11:40 AM, Henry Story <henry.story@bblfish.net> wrote:
>>> yes makes sense +1 - just add Summary to front of the e-mail subject.
>>> I think it would be good if each thread had a little summary.
>>> 
>>> On 26 Jan 2012, at 17:35, Joe Presbrey wrote:
>>> 
>>>> I drafted this summary email, if it looks good to you, do you want to send it?
>> 
> 
> 
> -- 
> 
> Regards,
> 
> Kingsley Idehen
> Founder & CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca handle: @kidehen
> Google+ Profile: https://plus.google.com/112399767740508618350/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
> 

Social Web Architect
http://bblfish.net/

Received on Thursday, 26 January 2012 18:32:50 UTC