- From: Russ Allbery <rra@debian.org>
- Date: Sat, 18 May 2013 10:31:46 -0700
- To: Olivier Berger <olivier.berger@it-sudparis.eu>
- Cc: public-webid <public-webid@w3.org>, Jonas Smedegaard <dr@jones.dk>
Olivier Berger <olivier.berger@it-sudparis.eu> writes: > In the following posts on the Debian list, Russ Allbery has challenged > the security of WebID + TLS for authentication. I should probably add a quick comment: I didn't intend to challenge the security in general so much as point out one of the assumptions in the security, namely that it still assumes that you have some external method of validating TLS certificates for servers. I suspect that many people are happy with that assumption. This is only an issue if one doesn't want to trust the normal mechanisms for validating TLS certificates (or DANE). -- Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Received on Sunday, 19 May 2013 15:40:15 UTC