- From: Henry Story <henry.story@bblfish.net>
- Date: Mon, 20 May 2013 10:04:50 +0200
- To: Russ Allbery <rra@debian.org>
- Cc: Olivier Berger <olivier.berger@it-sudparis.eu>, public-webid <public-webid@w3.org>, Jonas Smedegaard <dr@jones.dk>
On 18 May 2013, at 19:31, Russ Allbery <rra@debian.org> wrote:

> Olivier Berger <olivier.berger@it-sudparis.eu> writes:
>
>> In the following posts on the Debian list, Russ Allbery has challenged
>> the security of WebID + TLS for authentication.
>
> I should probably add a quick comment: I didn't intend to challenge the
> security in general so much as point out one of the assumptions in the
> security, namely that it still assumes that you have some external method
> of validating TLS certificates for servers. I suspect that many people
> are happy with that assumption. This is only an issue if one doesn't want
> to trust the normal mechanisms for validating TLS certificates (or DANE).

Yes, but then you can use Tor's .onion or i2p's .garlic URLs. I think they don't require DNS.
It's on my roadmap to look at that. If people want to play with that please send us feedback.

Henry

>
> --
> Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
>

Social Web Architect
http://bblfish.net/

Received on Monday, 20 May 2013 08:05:25 UTC