W3C home > Mailing lists > Public > public-webid@w3.org > March 2012

as trustworthy as the hierarchical CA system currently in place...

From: elf Pavlik <perpetual-tripper@wwelves.org>
Date: Sun, 04 Mar 2012 17:04:32 +0000
To: public-webid <public-webid@w3.org>
Message-Id: <1330880403-sup-6026@heahdk.net>
Hello,

After pointing my friend to WebID, he have shared this comment (original linked later):

"After reading the WebID specification once again, I'm not so sure anymore, whether I would want to use it.

As described in section 2.2, the public key is published via the WebID Profile, which is basically a FOAF profile. While section 3.4.2 does note that "An HTTPS WebID will therefore be a lot more trustworthy than an HTTP WebID by a factor of the likelihood of man in the middle attacks", however the whole system is only as trustworthy as the hierarchical CA system currently in place.

How can a web-of-trust be useful, if all the trust is based on a trust system that has been shown to be untrustworthy for more than a decade?"

https://heahdk.net/~nil/news/0005-webid-revisited

Any references to previous discussion on this issue?
Thanks!
~ elf Pavlik ~
Received on Sunday, 4 March 2012 17:05:01 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:54:33 UTC