RE: WebID-ISSUE-28 (bblfish): How does the WebID protocol (foaf+ssl) interact with TLS proxies [User Interface/Browsers]

What follows is excellent - and its reinforcing why I asked that "DTLS" (and
EAP-TTLS, and SSL for uPnP, and .) be included in the incubator charter: to
allow the whole topic of non-traditional SSL handshakes to be considered. We
really are defining https-ng, including its connectionless variants.

 

Related: At the IETF meeting in Maastrict (July 2010) there was a  

presentation at the SAAG meeting about a method to allow enterprise  

scanning of encrypted traffic by scanners along the network.  

 <http://www.ietf.org/proceedings/78/slides/saag-2.pdf>
http://www.ietf.org/proceedings/78/slides/saag-2.pdf .

 

We are going to have maintain the split, between what IETF is good at and
what W3C can add - when bringing onto the internet the foaf:agent that makes
logical statements (now authenticated-statements) in purely
information-object based layer-7 protocols.

 

In one sense, the secure semantic web reduces the internet to a bit pipe.
All the internet has to do is enable SSL handshakes to occur, which logical
theorems then compose to define signaling protocols with properties X Y and
Z. In another sense, the internet can get us to 80% assurance of such a
handshake-sigalling infrastructure quickly, allowing the web then to add n
20% additional assurance for each sub-community that cares enough to get its
act together and compose those handshakes for theorem P, Q and R.

 

The trick is to retain the divide between web and internet, so the
domineering goal of a single uniform security architecture for the internet
doesn't interfere with the delivery of the many 20% value adds that the web
can bring. If I think of the internet as delivering 80% of the low assurance
by default, I think of the web as adding for 20% more effort medium
assurance(s). If the web wants to subclass the internet and override its
assurance with something better defined for a particular group, it  can.