Re: WebID-TLS using X509 fingerprints

On 13 September 2016 at 13:58, Jacopo Scazzosi <me@jacoscaz.com> wrote:

> Hello.
>
> First mail to this list. My name's Jacopo Scazzosi, nice to meet you all.
>
> I've been recently researching the world of WebID-TLS. The current specs
> seem to dictate the use of RSA. As one of my requirements is the support of
> different types of keys, I've written a proof-of-concept authentication
> module for nodejs using X509 fingerprint comparison instead of
> exponent+modulus comparison. I'm currently using SHA-256 fingerprints but I
> plan on leaving the choice of the hash function up to our subjects. Module
> is here: https://github.com/jacoscaz/node-webidentity
>
> Has support for non-RSA keys been already considered in the past?
>

Hi & Welcome!

Yes, other keys have been considered in the past.  Actually the WebID
vocabulary is supposed to support DSA keys, too.  But there is a bug in the
ontology which means that it doesn't.

I raised this in March 2013 (yes, 3 and a half years ago!)
https://lists.w3.org/Archives/Public/public-webid/2013Mar/0007.html

Leading to a patch which has still not got upstream.  So we seem to have an
issue with the process of change control.  However, given that the ontology
is on the W3C namespace there are perhaps some people that can help out
here.  Any volunteers? :)

I'd support more keys, namely to fix DSA and personally I have a use case
for crypto currencies using ECC keys.

I think there is a general consensus to allow the inclusion of PEM encoded
keys, but maybe it's time to revisit this discussion.

Fingerprints are a really interesting idea, thanks for working on this.
One question, have you looked at the "Naming things with hashes" RFC?  Do
you think there's an overlap here?

https://tools.ietf.org/html/rfc6920


>
> Cheers.
>
>
>

Received on Thursday, 15 September 2016 13:28:10 UTC
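
An added example, not part of the original thread and not code from node-webidentity: one way the fingerprint comparison discussed above could be expressed with RFC 6920 "ni" URIs, so the hash algorithm chosen by the subject travels with the published value. The function names, the allowlist policy and the sample bytes are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Assumed verifier policy: RFC 6920 hash names this verifier accepts, mapped
// to Node digest names. Truncated forms such as sha-256-32 are left out.
const ALLOWED = new Map([['sha-256', 'sha256'], ['sha-512', 'sha512']]);

// Name a DER-encoded certificate with an ni URI (base64url, no padding).
function certToNi(der, niAlg = 'sha-256') {
  const nodeAlg = ALLOWED.get(niAlg);
  if (!nodeAlg) throw new Error(`hash not allowed: ${niAlg}`);
  const digest = crypto.createHash(nodeAlg).update(der).digest('base64url');
  return `ni:///${niAlg};${digest}`;
}

// Parse ni://[authority]/alg;value[?query]; returns null when malformed.
function parseNi(uri) {
  const m = /^ni:\/\/[^/]*\/([a-z0-9-]+);([A-Za-z0-9_-]+)(?:\?.*)?$/.exec(uri);
  if (!m) return null;
  return { alg: m[1], digest: Buffer.from(m[2], 'base64url') };
}

// True when the certificate presented in the TLS handshake hashes to the
// value the subject published. In Node the DER bytes are available as
// tlsSocket.getPeerCertificate().raw.
function matchesPublished(der, publishedNi) {
  const parsed = parseNi(publishedNi);
  if (!parsed || !ALLOWED.has(parsed.alg)) return false;
  const actual = crypto.createHash(ALLOWED.get(parsed.alg)).update(der).digest();
  // Compare lengths first: timingSafeEqual throws on unequal lengths, and a
  // shortened digest must never be accepted as a prefix match.
  return parsed.digest.length === actual.length &&
    crypto.timingSafeEqual(parsed.digest, actual);
}

// Constructed sample bytes standing in for a DER certificate.
const SAMPLE_DER = Buffer.from('constructed stand-in for DER certificate bytes');
console.log(certToNi(SAMPLE_DER), matchesPublished(SAMPLE_DER, certToNi(SAMPLE_DER)));
```

Because the subject picks the hash, the verifier's allowlist is what prevents a profile from advertising a weak or truncated digest.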