Re: WebID-TLS using X509 fingerprints from Jacopo Scazzosi on 2016-09-15 (public-webid@w3.org from September 2016)

From: Jacopo Scazzosi <me@jacoscaz.com>
Date: Thu, 15 Sep 2016 16:37:17 +0100
To: public-webid <public-webid@w3.org>
Message-ID: <57DAC02D.9040205@jacoscaz.com>

Hello again.

Thank you all for your replies and apologies to Melvin for the duplicate 
email - I'm not used to posting on mailing lists.

@Melvin, I was not aware of the "Naming things with hashes" RFC. Thank 
you so much for pointing me to that. By turning the hash into a proper 
URI, it saves me from having to extend the "cert" vocabulary or come up 
with a vocabulary of my own - awesome! I've just pushed a commit that 
implements this - works perfectly.

@Kingsley thank you for feedback and thank you for letting me know about 
NetID - I'll make sure to name my stuff accordingly.

@Adrian I'll have a look soon - thank you for letting me know.

@Henry and @everyone, I opted for the fingerprint w/ hashing function 
options as I wanted something:

- future-proof (hashing function is specified in the RDF document)
- secure (server can choose to reject a fingerprint with a weak or 
unsupported hashing function)
- lightweight (often my payloads are a fraction of the certificates 
being used)
- easy (quasi-immediate to understand by devs unfamiliar with the 
semantic world)

That said, I'm not a semantic nor a crypto guru. I'm here to learn... :)

Cheers.

Melvin Carvalho wrote:
> Hello again.
>
> Thank you all for your replies.
>
> @Melvin, I was not aware of the "Naming things with hashes" RFC. Thank 
> you for pointing me to that. By turning the hash into a proper URI, it 
> saves me from having to extend the "cert" vocabulary or come up with a 
> vocabulary of my own - awesome!
>
> @everyone, I opted for the fingerprint w/ hashing function as I wanted 
> something:
>
> - future-proof (hashing function is specified in the RDF document)
> - secure (server can choose to reject a fingerprint with a weak or 
> unsupported hashing function)
> - lightweight (often my payloads are a fraction of the certificates 
> being used)
>
> That said, I'm not a semantic nor a crypto guru - I might be going in 
> the wrong direction. I'm here to learn... :)
>
> Cheers.

Received on Thursday, 15 September 2016 15:37:42 UTC