- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Sat, 27 Jun 2015 14:13:06 -0400
- To: public-webid@w3.org
- Message-ID: <558EE7B2.4090300@openlinksw.com>
On 6/26/15 5:17 PM, Melvin Carvalho wrote:

> On 26 June 2015 at 22:58, Harry Halpin <hhalpin@w3.org> wrote:
>
> > Again, I think http URIs and using #s to separate humans and documents
> > are in general good ideas and support that in RDF-based systems.
> >
> > However, as the WebID+TLS community in the past has been unable or
> > unwilling to update or change their authentication protocol in response
> > to noted and kinda well-known security/privacy issues with WebID+TLS, so
> > I'm not sure further discussion is productive on this mailing list.
> >
> > Regardless of security/privacy issues, as TLS client negotiation is
> > being dropped in TLS 1.3 due to the triple handshake attack, it's pretty
> > obvious that WebID+TLS should not be used as a general purpose
> > authentication protocol in the future as browser support for even how it
> > works today will be phased out over time.
> >
> > Rather, the WebID community I would suggest looking at the TLS Token
> > Binding discussion, or improving WebID+RSA or the FIDO work.
> >
> > I'm happy to write these well-known issues up and send them to the WG.
> > If you doubt these points, you may wish to communicate with the TLS WG,
> > the IETF SAAG, or the W3C WebSec WG to get in touch with folks in
> > industry and academia who are working on these problems and may have
> > more time to discuss these issues with you.
>
> Thanks for the offer of writing up the "well known" issues, that would
> be welcome. I know you have strong views here, so, in general, a
> write up or pointers (as above) would be appreciated.

+1

--
Regards,

Kingsley Idehen
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog 1: http://kidehen.blogspot.com
Personal Weblog 2: http://www.openlinksw.com/blog/~kidehen
Twitter Profile: https://twitter.com/kidehen
Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this

Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Saturday, 27 June 2015 18:13:31 UTC