Re: WebID-TLS using X509 fingerprints

On 15 September 2016 at 17:22, Kingsley Idehen <kidehen@openlinksw.com>
wrote:

> On 9/13/16 7:58 AM, Jacopo Scazzosi wrote:
> > Hello.
> >
> > First mail to this list. My name's Jacopo Scazzosi, nice to meet you all.
> >
> > I've been recently researching the world of WebID-TLS. The current
> > specs seem to dictate the use of RSA. As one of my requirements is the
> > support of different types of keys, I've written a proof-of-concept
> > authentication module for nodejs using X509 fingerprint comparison
> > instead exponent+modulus comparison. I'm currently using SHA-256
> > fingerprints but I plan on leaving the choice of the hash function up
> > to our subjects. Module is here:
> > https://github.com/jacoscaz/node-webidentity
> >
> > Has support for non-RSA keys been already considered in the past?
> >
> > Cheers.
>
> Hi Jacopo,
>
> We have included fingerprint lookup in our authentication module which
> supports WebID+TLS.
>
> The only issue here is that we are now talking about different protocol
> i.e., not part of the WebID+TLS spec, as it currently stands. Thus, we
> currently use the moniker NetID for this particular option.
>
> Fingerprints are much easier with regards to manual setup of
> WebID-Profile documents associated with WebIDs en route to PKI
> exploitation in any authentication protocol.
>
> Anyway, we take the same position as you i.e., its there as an option :)
>

I wonder if this is worth standardizing?


>
>
> --
> Regards,
>
> Kingsley Idehen
> Founder & CEO
> OpenLink Software   (Home Page: http://www.openlinksw.com)
>
> Medium Blog: https://medium.com/@kidehen
> Blogspot Blog: http://kidehen.blogspot.com
> Twitter Profile: https://twitter.com/kidehen
> Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
> Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this
>
>
>