W3C home > Mailing lists > Public > public-webid@w3.org > July 2015

WebID-RSA. Re: google proposing to deprecate KEYGEN

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Fri, 31 Jul 2015 17:25:11 +0200
To: Andrei Sambra <andrei@w3.org>
Cc: public-webid@w3.org
Message-ID: <55BB9357.4020102@gmail.com>
On 2015-07-31 15:47, Andrei Sambra wrote:
> I’ve already started work (this spring) on an alternative auth
 > protocol based on WebID, which uses the new WebCrypto API. You can read about it here [0].

Pardon my ignorance but I don't understand how WebID-RSA works since
WebCrypto is SOP-crippled.  That you can generate a key on the fly
is true but exactly what does that buy?

Anders

>
> It’s currently implemented in gold [1], one of the SoLiD servers.
>
> —Andrei
>
> [0] https://github.com/linkeddata/SoLiD#webid-rsa
> [1] https://github.com/linkeddata/gold
>
>> On Jul 31, 2015, at 8:51 AM, Cory Sabol <cssabol@uncg.edu <mailto:cssabol@uncg.edu>> wrote:
>>
>> It would be interesting to conduct some work on that. WebID with some alternative crypto APIs.
>>
>> On Fri, Jul 31, 2015 at 6:42 AM, Andreas Kuckartz <a.kuckartz@ping.de <mailto:a.kuckartz@ping.de>> wrote:
>>
>>     Kingsley Idehen wrote:
>>     > Keygen doesn't define existence of WebID-TLS. It just offered a
>>     > perceived convenience.
>>
>>     Can WebID-TLS be based on the Web Cryptography API instead?
>>
>>     What would be the advantages and disadvantages?
>>
>>     Cheers,
>>     Andreas
>>
>>
>>
>>
>> --
>> Regards,
>>
>> -Cory Sabol
>> cssabol@uncg.edu <mailto:cssabol@uncg.edu>
>>
>
Received on Friday, 31 July 2015 15:25:51 UTC

This archive was generated by hypermail 2.3.1 : Friday, 31 July 2015 15:25:51 UTC