Re: WebID-TLS using X509 fingerprints from Melvin Carvalho on 2016-09-15 (public-webid@w3.org from September 2016)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Thu, 15 Sep 2016 17:43:52 +0200
To: Jacopo Scazzosi <me@jacoscaz.com>
Cc: public-webid <public-webid@w3.org>
Message-ID: <CAKaEYhLhoNC28Hy=F+F5O2mGxVbWes7VjixYotob1CCmmnd9bA@mail.gmail.com>

On 15 September 2016 at 17:37, Jacopo Scazzosi <me@jacoscaz.com> wrote:

> Hello again.
>
> Thank you all for your replies and apologies to Melvin for the duplicate
> email - I'm not used to posting on mailing lists.
>
> @Melvin, I was not aware of the "Naming things with hashes" RFC. Thank you
> so much for pointing me to that. By turning the hash into a proper URI, it
> saves me from having to extend the "cert" vocabulary or come up with a
> vocabulary of my own - awesome! I've just pushed a commit that implements
> this - works perfectly.
>
> @Kingsley thank you for feedback and thank you for letting me know about
> NetID - I'll make sure to name my stuff accordingly.
>
> @Adrian I'll have a look soon - thank you for letting me know.
>
> @Henry and @everyone, I opted for the fingerprint w/ hashing function
> options as I wanted something:
>
> - future-proof (hashing function is specified in the RDF document)
> - secure (server can choose to reject a fingerprint with a weak or
> unsupported hashing function)
> - lightweight (often my payloads are a fraction of the certificates being
> used)
> - easy (quasi-immediate to understand by devs unfamiliar with the semantic
> world)
>
> That said, I'm not a semantic nor a crypto guru. I'm here to learn... :)
>

Looks great!

re:

<div about="ni://sha-256;Mub5jcxUlUz6SG0oWKmHtIYGNgATBmPdRdlXiKxRBWw"
typeof="cert:X509Certificate" prefix="cert:
http://www.w3.org/ns/auth/cert#">
    <div rel="cert:identity" href="https://example.com/me"></div>
</div>

Maybe we need a entry in the "typeof" field, something like
cert:X509Fingerprint ?




>
> Cheers.
>
>
> Melvin Carvalho wrote:
>
>> Hello again.
>>
>> Thank you all for your replies.
>>
>> @Melvin, I was not aware of the "Naming things with hashes" RFC. Thank
>> you for pointing me to that. By turning the hash into a proper URI, it
>> saves me from having to extend the "cert" vocabulary or come up with a
>> vocabulary of my own - awesome!
>>
>> @everyone, I opted for the fingerprint w/ hashing function as I wanted
>> something:
>>
>> - future-proof (hashing function is specified in the RDF document)
>> - secure (server can choose to reject a fingerprint with a weak or
>> unsupported hashing function)
>> - lightweight (often my payloads are a fraction of the certificates being
>> used)
>>
>> That said, I'm not a semantic nor a crypto guru - I might be going in the
>> wrong direction. I'm here to learn... :)
>>
>> Cheers.
>>
>
>
>

Received on Thursday, 15 September 2016 15:44:20 UTC