W3C home > Mailing lists > Public > public-xg-webid@w3.org > April 2011

WebID-ISSUE-54 (bblfish): relation between X509 certificates and WebID [WebID Spec]

From: WebID Incubator Group Issue Tracker <sysbot+tracker@w3.org>
Date: Mon, 18 Apr 2011 13:43:08 +0000
To: public-xg-webid@w3.org
Message-Id: <E1QBojM-0000nX-6c@lowblow.w3.org>

WebID-ISSUE-54 (bblfish): relation between X509 certificates and WebID [WebID Spec]


Raised by: Henry Story
On product: WebID Spec

Does WebId authentication come in addition to X509 Certificates? How do the two interact? Can one have self signed certificates?

A long thread on this entitled "self-signed" covered this in detail.  It started with a request to understand why a particular self signed certificate failed.


It turned out this was due to Apache by default not letting certificates through with extensions marked critical


Though this can be turned off by recompiling apache as explained in


This lead to the question of how X509 certificates relate to WebID:

 - Peter Williams explores this where he raises the questions
 - Henry Story argues they are orthogonal and complimentary

A discussion on this issue of self signed certificates also is going on on the Dane list of which a recent message "5280 and self-signed ee certs" 

The W3C mentions self-signed certs in the section "Self-signed Certificates and Untrusted Root Certificates" in the "Web Security Context: User Interface Guidelines"


Language may be needed to be added to the spec to digest this.
Received on Monday, 18 April 2011 13:43:12 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:39:44 UTC