Re: self-signed

On 4/18/11 12:47 PM, Peter Williams wrote:
> There is a double standard in effect.

Yes.

> But it's not malicious.

Not assuming it is. Its existence has logical problems :-)

> It has the usual "web guardians" basis - special initiates who keep the faith. They are annoying but predictable, being similar to the PKI initiates in tone and rhetoric.
> The usual trick is to agree to disagree. Define conformance but butt out of platform specific matters.

Yes, and it's the "platform specificity" issue that is ultimately 
problematic.

WWW has a very high "agree to disagree" quotient. It's in the AWWW 
DNA. Thus, I like to remind everyone from time to time about this being 
sacrosanct.

> The conformance characterizes the assumptions of the design, arguing that 80% compliance is a lot better world than the world of public client certs today.

Yes, but remember, as you've argued in a different context, making what 
exists work is the best solution of all re. adoption bootstrap :-)


Kingsley
>
>
> On Apr 18, 2011, at 8:42 AM, Kingsley Idehen <kidehen@openlinksw.com> wrote:
>
>> On 4/18/11 10:50 AM, Henry Story wrote:
>>> On 18 Apr 2011, at 16:25, Kingsley Idehen wrote:
>>>
>>>> Note: there is a mailto: scheme URI attribute=value pair associated with 'Subject':
>>>>
>>>> Subject: C=US, ST=Maryland, L=Pasadena, O=Brent Baccala,
>>>>                 OU=FreeSoft, CN=www.freesoft.org/emailAddress=baccala@freesoft.org
>>> That is indeed an option.
>>>
>>>> If that's all there is in a Certificate, bearing in mind this is the very cheapest Certificate to produce in the real world.
>>> I am not sure there is a price difference between a self signed v3 cert and a v1 certificate. If you can make one you can make the other.
>> Who is "You" ?
>>
>> The issue boils down to HTTP scheme URI and SAN entry.
>>
>> Cost, to be clearer (on my part), also included the fact that when something exists out in the wild the cost of production == $0.00 :-) Thus, I really meant: there are lots of certs like this already in the wild that don't use HTTP scheme URIs and have nothing in SAN. This is really where Webfinger, Fingerpoint come into their own re. WebID vector potential.
>>
>>>> Ditto most prevalent i.e., no SAN, why shouldn't WebID be capable of doing this?
>>> It would be able to do this. It's a question of trying to keep things simple.
>> But when you say that, it's akin to someone saying: although I talk about Semantics, I'm oriented towards Syntax for the sake of simplicity. We can't keep on using "simple" in a very subjective way.
>>
>> As you know, I don't think WebID is about "Simply Simple"; it is about "Deceptively Simple", and that's inherited from its AWWW DNA courtesy of Linked Data.
>>
>>> The advantage of SAN is that they are clearly defined for the purpose we are using them for, and you can put e-mail addresses in there too.
>> I understand that, but the real world already has Certs. constructed in the manner outlined. I really believe minimizing inertia is the key to bootstrap. When I architect products at OpenLink I always orient to "minimal inertia". To the uninitiated this appears to be a bizarre preoccupation with protocol implementation, but that's far from it. It's about the pragmatics of real technology bootstrap by dealing with the realities out in the wild.
>>
>> We don't need to tell people what's best for them if we can show them how a new technology makes what they already have better, with minimal (if any) inertia-associated infrastructure changes etc.
>>
>>>   I am not sure of the issues that come up with the above scheme, how standards based they are, etc... It is good to have it as an option if we need it. But I don't see that the arguments for it are very strong yet.
>>>
>>>> It just boils down to being scheme agnostic
>>> You're not being scheme agnostic with mailto uris it seems to me.
>> Of course I am, the IdP is going to determine the canonical WebID and then de-reference it. You can de-reference a "mailto:" scheme URI using HTTP as exemplified by Webfinger and Fingerpoint.
>>
>>>   And it seems that sending e-mail uris around the web is not such a good idea as far as spam is concerned.
>> If WebID can't alleviate the scourge of SPAM, what on earth is its ultimate purpose?
>>
>>> SANs and IANs are scheme agnostic on the other hand.
>> So what? Not the point when dealing with inertia reduction based on working with what exists already (however imperfect it might be).
>>
>> You are making the same old mistake that most programmers have made repeatedly over time i.e., technology implementer (the coder, typically) knows best. Sadly, that isn't true. Users are typically domain and subject matter experts that are time challenged and don't write code. Being the one that writes the code != best comprehend-er of the discourse domain or the subject matter intrinsic to the domain.
>>
>>
>>>> and letting the IdP deal with the de-reference functionality. Remember, Linked Data is just a Webby way of handling de-reference and address-of operators that lies at the root of all forms of data access by reference.
>>>
>>>
>>> Social Web Architect
>>> http://bblfish.net/
>>>
>>>
>>>
>>
>> -- 
>>
>> Regards,
>>
>> Kingsley Idehen
>> President & CEO
>> OpenLink Software
>> Web: http://www.openlinksw.com
>> Weblog: http://www.openlinksw.com/blog/~kidehen
>> Twitter/Identi.ca: kidehen
>>


-- 

Regards,

Kingsley Idehen
President & CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen

Received on Monday, 18 April 2011 17:19:43 UTC
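
The fallback argued for in the message above (take the identity from `emailAddress` in the Subject when a certificate has no SAN) can be sketched as follows; this is an added example, not code from the thread or from any WebID implementation. The function names, the `(type, value)` shape of the SAN input and the `https://example.org` URI are assumptions, and the parser assumes attribute values contain no `, attr=` or `/attr=` sequences. Anything returned is only a candidate taken from an unverified, possibly self-signed certificate; as the thread says, the IdP still has to de-reference it.

```python
import re

# Subject quoted in the thread (OpenSSL text form, email glued on with '/').
SUBJECT = ("C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, "
           "OU=FreeSoft, CN=www.freesoft.org/emailAddress=baccala@freesoft.org")

# Attribute boundaries: ", " or "/" directly followed by "name=".
_SEP = re.compile(r",\s*(?=[A-Za-z]+=)|/(?=[A-Za-z]+=)")
# Sanity check only, not full address validation.
_EMAIL = re.compile(r"[^@\s/]+@[^@\s/]+")


def parse_subject(subject):
    """Split an OpenSSL-style subject string into (attribute, value) pairs."""
    pairs = []
    for part in _SEP.split(" ".join(subject.split())):
        if "=" in part:
            key, value = part.split("=", 1)
            pairs.append((key.strip(), value.strip()))
    return pairs


def candidate_ids(subject, san=()):
    """Return (uri, source) candidates, SAN entries before the Subject.

    san: (type, value) pairs built by the caller, e.g. ("URI", "https://...")
    or ("email", "a@b"). Duplicates keep their first, most specific source.
    """
    out = []

    def add(uri, source):
        if uri not in [u for u, _ in out]:
            out.append((uri, source))

    for kind, value in san:
        if kind == "URI":
            add(value, "san-uri")
    for kind, value in san:
        if kind == "email" and _EMAIL.fullmatch(value):
            add("mailto:" + value, "san-email")
    for key, value in parse_subject(subject):
        if key == "emailAddress" and _EMAIL.fullmatch(value):
            add("mailto:" + value, "subject-email")
    return out


if __name__ == "__main__":
    print(candidate_ids(SUBJECT))
```
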