- From: WebID Incubator Group Issue Tracker <sysbot+tracker@w3.org>
- Date: Mon, 18 Apr 2011 13:43:08 +0000
- To: public-xg-webid@w3.org
WebID-ISSUE-54 (bblfish): relation between X509 certificates and WebID [WebID Spec]
http://www.w3.org/2005/Incubator/webid/track/issues/54
Raised by: Henry Story
On product: WebID Spec
Does WebId authentication come in addition to X509 Certificates? How do the two interact? Can one have self signed certificates?
A long thread on this entitled "self-signed" covered this in detail. It started with a request to understand why a particular self signed certificate failed.
http://lists.w3.org/Archives/Public/public-xg-webid/2011Apr/0186.html
It turned out this was due to Apache by default not letting certificates through with extensions marked critical
http://lists.w3.org/Archives/Public/public-xg-webid/2011Apr/0217.html
Though this can be turned off by recompiling apache as explained in
http://lists.w3.org/Archives/Public/public-xg-webid/2011Apr/0207.html
This lead to the question of how X509 certificates relate to WebID:
- Peter Williams explores this where he raises the questions
http://lists.w3.org/Archives/Public/public-xg-webid/2011Apr/0253.html
- Henry Story argues they are orthogonal and complimentary
http://lists.w3.org/Archives/Public/public-xg-webid/2011Apr/0266.html
A discussion on this issue of self signed certificates also is going on on the Dane list of which a recent message "5280 and self-signed ee certs"
http://www.ietf.org/mail-archive/web/dane/current/msg02452.html
The W3C mentions self-signed certs in the section "Self-signed Certificates and Untrusted Root Certificates" in the "Web Security Context: User Interface Guidelines"
http://www.w3.org/TR/wsc-ui/#selfsignedcerts
Language may be needed to be added to the spec to digest this.
Received on Monday, 18 April 2011 13:43:12 UTC