- From: 远洋 <corani@gmail.com>
- Date: Wed, 26 Jan 2011 14:55:40 +0800
- To: FOAF Protocols <foaf-protocols@lists.foaf-project.org>, public-xg-webid@w3.org
I just wanted to share an idea I had recently: A couple of months ago it was shown on the list how a WebID certificate could be transformed into a PGP key-pair (I believe by Nathan). At the time I didn't pay a lot of attention to it, because using PGP is a bit of a pain in the b*tt because of the whole key distribution problem. Recently, however, I had a bit of an epiphany on how this could be made completely transparent and much more user-friendly. (I wrote up a blog post at: http://blog.loadingdata.nl/2011/01/secure-e-mail-using-webid/) What if we'd mix in a bit of Webfinger, and use the WebID profile as a way to get to someone's public key? When composing an email, upon entering the recipients email address, a smart email application can go off to do a Webfinger lookup and find the link to the user's WebID profile. From this profile it can find the recipients public key, which may be used to encrypt the message. On the other hand it can use it's own private key to sign the message, while the recipient can use the senders address to do the same lookup to get to the senders public key for verification. Now you can not only send email securely and private, but you can also use other information from a user's WebID profile to make the whole email experience a lot better. (collate messages from various email addresses under the same user, use the depiction, use address and birthday, take advantage of the social graph to partition email, etc.) -- 远洋 / Daniël Bos email : corani@gmail.com phone : +31-318-711063 (Dutch) / +86-18-701330735 (Chinese) weblog : http://blog.loadingdata.nl/ ostatus: corani@status.loadingdata.nl
Received on Wednesday, 26 January 2011 06:56:33 UTC