Re: [dane] Call for Adoption: "Using Secure DNS to Associate Certificates with Domain Names For S/MIME"

On 9/25/12 8:26 AM, Henry Story wrote:
>>> http://bblfish.net/
>>> >>
>>> >>
>>> >>
>>> >>
>> >
>> >Henry,
>> >
>> >S/MIME and WebID work together very well. That's something we've long implemented. Notice the certificate used to sign this mail:-)
>> >
>> >To conclude, WebID is another option with finer granularity and more distributed control (no DNS admin access privileges required, just own a profile document) re., mail sender identity verification.
> It may be interesting to know from the DANE working group, what they think would need to be done to make the application of WebID to S/MIME something more widely known about.

Yes, that's a good point. In WebID lies a more fined-grained and 
distributed approach to identity verification that fits naturally into 
today's Internet and Web networks.

> Currently the WebID spec (http://webid.info/spec  ) illustrates how one can use a WebID in a client certificate to authenticate with TLS on any server. Perhaps the WebID working group should put some documents forward on how this can be used for S/MIME?

Maybe.
> Or perhaps an RFC would be more useful for that?

I think so.
> I don't think we have any formal document on that yet.

At this juncture, as part of S/MIME implementation in our clients and 
servers, we have the option to verify identity using the WebID protocol 
. On our side, this remains one of the most powerful demonstrations of 
WebID utility.

-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen