
Re: Fwd: Re: as trustworthy as the hierarchical CA system currently in place...

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Wed, 07 Mar 2012 10:10:15 -0500
Message-ID: <4F577A57.7010806@openlinksw.com>
To: public-webid@w3.org

On 3/5/12 1:45 PM, nilclass@riseup.net wrote:
> But I did (and do) think that it
> should be made clear, that the knowledge that you have about the
> authenticity of a peer after authenticating via WebID is only as likely to
> be true, as the whole chain of authentication leading to the conclusion of
> that knowledge is likely to be compromised.

Identity is verified via relations. These relations are mirrored across
your local keystore and a data space you control. You have to be able to 
achieve two vital tasks when compromising the system:

1. have a dereferenceable URI in the subjectAlternateName (SAN) slot of
an X.509 certificate
2. the URI has to resolve to a graph where the URI is in a relation
(this has specific semantics) with the aforementioned X.509
certificate's public key.

There is a composite key in two places; they have to match via
semantically rich relations verification. This system isn't vulnerable 
to the scenario you describe.

If you believe it is vulnerable then I would encourage you to 
demonstrate said vulnerability. I can easily protect a published 
resource using a WebID based ACL, then ask you to access this resource 
by exploiting the vulnerability you assume. That's what I would do etc.

-- 

Regards,

Kingsley Idehen
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen








Received on Wednesday, 7 March 2012 15:10:41 UTC
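
The two-condition match described in the message above, as an added example that is not part of the original post or of any WebID implementation. It assumes the TLS handshake has already proved possession of the certificate's private key, uses the W3C `cert:` vocabulary (`cert:key`, `cert:modulus`, `cert:exponent`), which the post does not name, and runs over a constructed in-memory profile graph; `verify_webid` and `fetch` are hypothetical names.

```python
from urllib.parse import urldefrag

CERT = "http://www.w3.org/ns/auth/cert#"  # assumed vocabulary, not named in the post

def verify_webid(san_uris, cert_key, fetch_graph):
    """Return the first SAN URI whose own profile graph binds it to cert_key.

    san_uris    -- URIs read from the certificate's SAN extension
    cert_key    -- (modulus, exponent) of the certificate's RSA public key
    fetch_graph -- callable: document URL -> iterable of (s, p, o), or None
    """
    modulus, exponent = cert_key
    for uri in san_uris:
        doc_url, _fragment = urldefrag(uri)
        triples = fetch_graph(doc_url)      # condition 1: URI must dereference
        if triples is None:
            continue
        triples = set(triples)
        # condition 2: <uri> cert:key ?k . ?k cert:modulus m ; cert:exponent e .
        key_nodes = {o for (s, p, o) in triples if s == uri and p == CERT + "key"}
        for node in key_nodes:
            if ((node, CERT + "modulus", modulus) in triples
                    and (node, CERT + "exponent", exponent) in triples):
                return uri
    return None

# Constructed sample data: one profile document describing two agents.
ALICE = "https://alice.example/profile#me"
BOB = "https://alice.example/profile#bob"
ALICE_KEY = (0xC0FFEE1234567, 65537)
BOB_KEY = (0xBADC0DE7654321, 65537)
PROFILES = {
    "https://alice.example/profile": [
        (ALICE, CERT + "key", "_:k1"),
        ("_:k1", CERT + "modulus", ALICE_KEY[0]),
        ("_:k1", CERT + "exponent", ALICE_KEY[1]),
        (BOB, CERT + "key", "_:k2"),
        ("_:k2", CERT + "modulus", BOB_KEY[0]),
        ("_:k2", CERT + "exponent", BOB_KEY[1]),
    ],
}

def fetch(doc_url):
    """Stand-in for an HTTP GET plus RDF parse; None means not dereferenceable."""
    return PROFILES.get(doc_url)

if __name__ == "__main__":
    print(verify_webid([ALICE], ALICE_KEY, fetch))  # matching key
    print(verify_webid([ALICE], BOB_KEY, fetch))    # key bound to another subject
```

A key that appears in the graph but is bound to a different subject is rejected, as is a SAN URI that does not resolve to a profile document.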
