W3C home > Mailing lists > Public > public-webid@w3.org > May 2013

Re: WebID discussion in Debian

From: Henry Story <henry.story@bblfish.net>
Date: Mon, 20 May 2013 10:04:50 +0200
Cc: Olivier Berger <olivier.berger@it-sudparis.eu>, public-webid <public-webid@w3.org>, Jonas Smedegaard <dr@jones.dk>
Message-Id: <D9B4D4F8-85B0-4765-9E0E-748B3543D371@bblfish.net>
To: Russ Allbery <rra@debian.org>

On 18 May 2013, at 19:31, Russ Allbery <rra@debian.org> wrote:

> Olivier Berger <olivier.berger@it-sudparis.eu> writes:
> 
>> In the following posts on the Debian list, Russ Allbery has challenged
>> the security of WebID + TLS for authentication.
> 
> I should probably add a quick comment: I didn't intend to challenge the
> security in general so much as point out one of the assumptions in the
> security, namely that it still assumes that you have some external method
> of validating TLS certificates for servers.  I suspect that many people
> are happy with that assumption.  This is only an issue if one doesn't want
> to trust the normal mechanisms for validating TLS certificates (or DANE).

yes, but then you can use Tor's .onion or i2p's .garlic urls. I think they don't 
require DNS. It's on my roadmap to look at that. If people want to play
with that please send us feedback.

Henry


> 
> -- 
> Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
> 
> 

Social Web Architect
http://bblfish.net/
Received on Monday, 20 May 2013 08:05:25 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:54:43 UTC