- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Sun, 04 Mar 2012 12:37:06 -0500
- To: public-webid@w3.org
- Message-ID: <4F53A842.6010108@openlinksw.com>
On 3/4/12 12:04 PM, elf Pavlik wrote: > Hello, > > After pointing my friend to WebID, he have shared this comment (original linked later): > > "After reading the WebID specification once again, I'm not so sure anymore, whether I would want to use it. > > As described in section 2.2, the public key is published via the WebID Profile, which is basically a FOAF profile. While section 3.4.2 does note that "An HTTPS WebID will therefore be a lot more trustworthy than an HTTP WebID by a factor of the likelihood of man in the middle attacks", however the whole system is only as trustworthy as the hierarchical CA system currently in place. > > How can a web-of-trust be useful, if all the trust is based on a trust system that has been shown to be untrustworthy for more than a decade?" > > https://heahdk.net/~nil/news/0005-webid-revisited > > Any references to previous discussion on this issue? > Thanks! > ~ elf Pavlik ~ > > Trouble is that he has somehow lost the entire essence of WebID. The trust isn't in the CA network or anything similar to that. Trust is the product of verifiable claims held in at least two places: 1. you local keystore 2. a network accessible and addressable resource . Links: 1. https://plus.google.com/s/WebID%20mirrored%20claims%20idehen -- some post about WebID and the effects of "mirrored claims" . The thing about WebID is that 'You' are in control. -- Regards, Kingsley Idehen Founder& CEO OpenLink Software Company Web: http://www.openlinksw.com Personal Weblog: http://www.openlinksw.com/blog/~kidehen Twitter/Identi.ca handle: @kidehen Google+ Profile: https://plus.google.com/112399767740508618350/about LinkedIn Profile: http://www.linkedin.com/in/kidehen
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Sunday, 4 March 2012 17:37:29 UTC