Re: as trustworthy as the hierarchical CA system currently in place... from Melvin Carvalho on 2012-03-04 (public-webid@w3.org from March 2012)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Sun, 4 Mar 2012 22:00:08 +0100
To: elf Pavlik <perpetual-tripper@wwelves.org>
Cc: public-webid <public-webid@w3.org>
Message-ID: <CAKaEYhLG3ShwrwOHs8fr7LfwKAc2ULkcTyfTXd=GkHEQ-rVPeA@mail.gmail.com>

On 4 March 2012 18:04, elf Pavlik <perpetual-tripper@wwelves.org> wrote:

> Hello,
>
> After pointing my friend to WebID, he have shared this comment (original
> linked later):
>
> "After reading the WebID specification once again, I'm not so sure
> anymore, whether I would want to use it.
>
> As described in section 2.2, the public key is published via the WebID
> Profile, which is basically a FOAF profile. While section 3.4.2 does note
> that "An HTTPS WebID will therefore be a lot more trustworthy than an HTTP
> WebID by a factor of the likelihood of man in the middle attacks", however
> the whole system is only as trustworthy as the hierarchical CA system
> currently in place.
>
> How can a web-of-trust be useful, if all the trust is based on a trust
> system that has been shown to be untrustworthy for more than a decade?"
>
> https://heahdk.net/~nil/news/0005-webid-revisited
>

Certificates are self signed, so a CA is never involved.


>
> Any references to previous discussion on this issue?
> Thanks!
> ~ elf Pavlik ~
>
>

Received on Sunday, 4 March 2012 21:00:37 UTC