- From: Peter Williams <home_pw@msn.com>
- Date: Thu, 29 Dec 2011 16:36:13 -0800
- To: Mo McRoberts <mo.mcroberts@bbc.co.uk>
- CC: "melvincarvalho@gmail.com" <melvincarvalho@gmail.com>, "kidehen@openlinksw.com" <kidehen@openlinksw.com>, "public-xg-webid@w3.org" <public-xg-webid@w3.org>
In a former life, I spent a lot of effort on authenticide (and the windows driver signing). Eventually one of classmates from school got around to doing java jar singing. Webid was not conceived as an assured key distribution system. It's for site login (with semweb providing unique assurances, most of which have yet to really be demonstrated as fulfilling their potential). We really must not think that we have done anything that supports content distribution. This typically requires a validity model designed for decades and failure modes quite distinct from those affecting site login or blog following/commenting etc. But there is hope. First, let's get reliable ssl session client auth. We are at year 3.... At just this step. Sent from my iPhone On Dec 29, 2011, at 3:44 PM, "Mo McRoberts" <mo.mcroberts@bbc.co.uk> wrote: > > On 29 Dec 2011, at 17:40, Peter Williams wrote: > >> Now, what matters is that folks KEEP *wanting* to link up to a PGP key. Its spirit as a branded movement prevails, and evil other technologies are less welcome (even if more useful). > > PGP remains pretty widely used in certain circles (particularly software distribution, and to a lesser extent e-mail — and if memory serves Outlook with the PGP add-ins is slightly more usefully-behaved than it is when it receives an e-mail signed by a self-issued X.509 cert). > > Being able to tie that back to a WebID is beneficial — “I know foo's WebID, and I can see *their* key signed this package” type of stuff. > > M. > > -- > Mo McRoberts - Technical Lead - The Space, > 0141 422 6036 (Internal: 01-26036) - PGP key CEBCF03E, > Project Office: Room 7083, BBC Television Centre, London W12 7RJ > >
Received on Friday, 30 December 2011 00:36:49 UTC