W3C home > Mailing lists > Public > public-webid@w3.org > March 2012

Re: as trustworthy as the hierarchical CA system currently in place...

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Sun, 4 Mar 2012 22:00:08 +0100
Message-ID: <CAKaEYhLG3ShwrwOHs8fr7LfwKAc2ULkcTyfTXd=GkHEQ-rVPeA@mail.gmail.com>
To: elf Pavlik <perpetual-tripper@wwelves.org>
Cc: public-webid <public-webid@w3.org>
On 4 March 2012 18:04, elf Pavlik <perpetual-tripper@wwelves.org> wrote:

> Hello,
> After pointing my friend to WebID, he have shared this comment (original
> linked later):
> "After reading the WebID specification once again, I'm not so sure
> anymore, whether I would want to use it.
> As described in section 2.2, the public key is published via the WebID
> Profile, which is basically a FOAF profile. While section 3.4.2 does note
> that "An HTTPS WebID will therefore be a lot more trustworthy than an HTTP
> WebID by a factor of the likelihood of man in the middle attacks", however
> the whole system is only as trustworthy as the hierarchical CA system
> currently in place.
> How can a web-of-trust be useful, if all the trust is based on a trust
> system that has been shown to be untrustworthy for more than a decade?"
> https://heahdk.net/~nil/news/0005-webid-revisited

Certificates are self signed, so a CA is never involved.

> Any references to previous discussion on this issue?
> Thanks!
> ~ elf Pavlik ~
Received on Sunday, 4 March 2012 21:00:37 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:05:39 UTC