W3C home > Mailing lists > Public > public-xg-webid@w3.org > April 2011

Re: self-signed

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Mon, 18 Apr 2011 20:43:07 -0400
Message-ID: <4DACDA9B.2080904@openlinksw.com>
To: public-xg-webid@w3.org
On 4/18/11 5:07 PM, Mo McRoberts wrote:
> On 18 Apr 2011, at 21:52, Kingsley Idehen wrote:
> >> A good idea, but let's speak numbers.
> >>
> >> How many certs with e-mail addresess as you published are there really?
> >> Of those how many are client certs? How many of those have mailto 
> uris that are backed by webfinger?
> >
> > Please re-read the sentences above.
> >
> > This has nothing to do with Webfinger bar the fact that it solves 
> the bigger issue of making a "mailto:" scheme URI a de-referencable 
> URI. That's it.
> Let's phrase it another way:
> How many certificates which are potentially WebID certs (that is, have 
> some kind of identifier which COULD be resolved if the server knew 
> how) are actually out there?
> We already know SSL client certificates pretty much failed. It doesn't 
> matter how many GMail e-mail addresses are out there if they don't 
> already have certificates, because brand new certs which conform in 
> whatever way the WebID coin lands can be generated.
> I can't help but wonder if there is some cross-purpose arguing going on.

> You're saying "WebID should support more than just http URIs"

It shouldn't be scheme specific in any shape or form.

> Peter, on the other hand, is saying "WebID should work with X.509v1 
> certificates, ignore critical extension, basically work with whatever 
> certificates are *already out there* [even though we know that none of 
> them are actually WebID certs!]"
> Henry's saying "WebID should be built on X.509v3 with the URI in the 
> SAN [or possibly IAN?], but for the moment let's focus on HTTP[s] URIs 
> in building the testsuite, then move onto other schemes"
Yes, but Henry assumes that when I make a comment about WebID and scheme 
agnosticism I am also making a call for implementation protraction. 
Whereas I am simply saying: do not encourage breaking the core concept 
under the subjective use of the "simple" escape. Just have developers 
understand that :

1. WebID is scheme agnostic
2. When you implement something that isn't scheme agnostic, say so in a 
clear way via: UI and/or error messages. Worst case say: I don't 
understand this scheme or I can't discern a comprehensible WebID; don't 
say any of the conditions just mentioned == Wrong.

> Is that a fair summary?
> Kingsley, Henry isn't --- I don't think --- actually disagreeing with 
> you, it's just a matter of prioritising the initial work.

Henry is sort of misunderstanding me, since nothing I am saying affects 
initial work. Its about making initial implementers understand the scope 
of WebID etc..
> Correct me if I'm wrong.

100% accurate :-)

> --
> Mo McRoberts - Data Analyst - Digital Public Space,
> Zone 1.08, BBC Scotland, 40 Pacific Quay, Glasgow G51 1DA,
> Room 7066, BBC Television Centre, London W12 7RJ,
> 0141 422 6036 (Internal: 01-26036) - PGP key 0x663E2B4A
> http://www.bbc.co.uk
> This e-mail (and any attachments) is confidential and may contain 
> personal views which are not the views of the BBC unless specifically 
> stated.
> If you have received it in error, please delete it from your system.
> Do not use, copy or disclose the information in any way nor act in 
> reliance on it and notify the sender immediately.
> Please note that the BBC monitors e-mails sent or received.
> Further communication will signify your consent to this. 



Kingsley Idehen	
President&  CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen
Received on Tuesday, 19 April 2011 00:43:32 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:39:44 UTC