Re: WebID-TLS using X509 fingerprints from Kingsley Idehen on 2016-09-15 (public-webid@w3.org from September 2016)

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Thu, 15 Sep 2016 12:14:53 -0400
To: public-webid@w3.org
Message-ID: <1530627a-7412-f73e-57c5-0f8925a58ea2@openlinksw.com>

On 9/15/16 11:32 AM, Melvin Carvalho wrote:
>
>
> On 15 September 2016 at 17:22, Kingsley Idehen <kidehen@openlinksw.com
> <mailto:kidehen@openlinksw.com>> wrote:
>
>     On 9/13/16 7:58 AM, Jacopo Scazzosi wrote:
>     > Hello.
>     >
>     > First mail to this list. My name's Jacopo Scazzosi, nice to meet
>     you all.
>     >
>     > I've been recently researching the world of WebID-TLS. The current
>     > specs seem to dictate the use of RSA. As one of my requirements
>     is the
>     > support of different types of keys, I've written a proof-of-concept
>     > authentication module for nodejs using X509 fingerprint comparison
>     > instead exponent+modulus comparison. I'm currently using SHA-256
>     > fingerprints but I plan on leaving the choice of the hash
>     function up
>     > to our subjects. Module is here:
>     > https://github.com/jacoscaz/node-webidentity
>     <https://github.com/jacoscaz/node-webidentity>
>     >
>     > Has support for non-RSA keys been already considered in the past?
>     >
>     > Cheers.
>
>     Hi Jacopo,
>
>     We have included fingerprint lookup in our authentication module which
>     supports WebID+TLS.
>
>     The only issue here is that we are now talking about different
>     protocol
>     i.e., not part of the WebID+TLS spec, as it currently stands. Thus, we
>     currently use the moniker NetID for this particular option.
>
>     Fingerprints are much easier with regards to manual setup of
>     WebID-Profile documents associated with WebIDs en route to PKI
>     exploitation in any authentication protocol.
>
>     Anyway, we take the same position as you i.e., its there as an
>     option :)
>
>
> I wonder if this is worth standardizing?
>  

Realistically, its best done as a "best practice" effort first. Then
following lots of interop etc., a case can be made for standardization
(which is a protracted process).


-- 
Regards,

Kingsley Idehen       
Founder & CEO 
OpenLink Software   (Home Page: http://www.openlinksw.com)

Medium Blog: https://medium.com/@kidehen
Blogspot Blog: http://kidehen.blogspot.com
Twitter Profile: https://twitter.com/kidehen
Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this

Attachments

application/pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on Thursday, 15 September 2016 16:15:17 UTC