W3C home > Mailing lists > Public > public-webid@w3.org > March 2012

Re: as trustworthy as the hierarchical CA system currently in place...

From: Henry Story <henry.story@bblfish.net>
Date: Wed, 7 Mar 2012 16:18:15 +0100
Cc: public-webid@w3.org
Message-Id: <561DEC51-B9AA-4D76-B0B8-5138876DFB8B@bblfish.net>
To: Kingsley Idehen <kidehen@openlinksw.com>

On 7 Mar 2012, at 16:10, Kingsley Idehen wrote:

> On 3/5/12 1:45 PM, nilclass@riseup.net wrote:
>> But I did (and do) think that it
>> should be made clear, that the knowledge that you have about the
>> authenticity of a peer after authenticating via WebID is only as likely to
>> be true, as the whole chain of authentication leading to the conclusion of
>> that knowledge is likely to be compromised.
> Identity is verified via relations. These relations are mirrored across your local keystore and a data space you control. You have to be able to achieve two vital tasks when compromising the system:
> 
> 1. have a de-referencable URI in the subjectAlternateName (SAN) slot of an X.509 certificate
> 2. the URI has to resolve to a graph where the URI is in a relation (this has specific semantics) with the aforementioned X.509 certificate's public key .
> 
> There is a composite key in two places, they have to match via semantically rich relations verification. This system isn't vulnerable to the scenario you describe.

This is not described in the spec, nor in any wiki here on our site. It would be useful to have
this written out in detail to see if it really does what you think you would like it to do.

> 
> If you believe it is vulnerable then I would encourage you to demonstrate said vulnerability. I can easily protect a published resource using a WebID based ACL, then ask you to access this resource by exploiting the vulnerability you assume. That's what I would do etc..
> 
> -- 
> 
> Regards,
> 
> Kingsley Idehen	
> Founder&  CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca handle: @kidehen
> Google+ Profile: https://plus.google.com/112399767740508618350/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
> 
> 
> 
> 
> 
> 

Social Web Architect
http://bblfish.net/
Received on Wednesday, 7 March 2012 15:18:58 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:54:33 UTC