W3C home > Mailing lists > Public > public-webid@w3.org > May 2013

Re: WebID discussion in Debian

From: Russ Allbery <rra@debian.org>
Date: Sat, 18 May 2013 10:31:46 -0700
To: Olivier Berger <olivier.berger@it-sudparis.eu>
Cc: public-webid <public-webid@w3.org>, Jonas Smedegaard <dr@jones.dk>
Message-ID: <87zjvsp531.fsf@windlord.stanford.edu>
Olivier Berger <olivier.berger@it-sudparis.eu> writes:

> In the following posts on the Debian list, Russ Allbery has challenged
> the security of WebID + TLS for authentication.

I should probably add a quick comment: I didn't intend to challenge the
security in general so much as point out one of the assumptions in the
security, namely that it still assumes that you have some external method
of validating TLS certificates for servers.  I suspect that many people
are happy with that assumption.  This is only an issue if one doesn't want
to trust the normal mechanisms for validating TLS certificates (or DANE).

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
Received on Sunday, 19 May 2013 15:40:15 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:05:51 UTC