Secure Email using WebID and Webfinger

I just wanted to share an idea I had recently:

A couple of months ago it was shown on the list how a WebID
certificate could be transformed into a PGP key-pair (I believe by
Nathan). At the time I didn't pay a lot of attention to it, because
using PGP is a bit of a pain in the b*tt because of the whole key
distribution problem. Recently, however, I had a bit of an epiphany on
how this could be made completely transparent and much more
user-friendly. (I wrote up a blog post at:
http://blog.loadingdata.nl/2011/01/secure-e-mail-using-webid/)

What if we'd mix in a bit of Webfinger, and use the WebID profile as a
way to get to someone's public key? When composing an email, upon
entering the recipient's email address, a smart email application can
go off to do a Webfinger lookup and find the link to the user's WebID
profile. From this profile it can find the recipient's public key,
which may be used to encrypt the message. On the other hand it can use
its own private key to sign the message, while the recipient can use
the sender's address to do the same lookup to get to the sender's public
key for verification.

Now you can not only send email securely and privately, but you can also
use other information from a user's WebID profile to make the whole
email experience a lot better. (collate messages from various email
addresses under the same user, use the depiction, use address and
birthday, take advantage of the social graph to partition email, etc.)

-- 
远洋 / Daniël Bos

email  : corani@gmail.com
phone  : +31-318-711063 (Dutch) / +86-18-701330735 (Chinese)
weblog : http://blog.loadingdata.nl/
ostatus: corani@status.loadingdata.nl

Received on Wednesday, 26 January 2011 06:56:33 UTC
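
The lookup chain described in the message above (address, then Webfinger, then WebID profile, then public key), as an added example that is not part of the original post. It assumes the RFC 7033 JSON form of Webfinger, a hypothetical link relation `WEBID_REL`, and a Turtle profile using the W3C cert vocabulary; the regex extraction stands in for a real RDF parser, and the trust-on-first-use pin is an added check for a silently replaced key.

```python
import hashlib, json, re
from urllib.parse import quote, urlsplit

WEBID_REL = "https://example.org/rel/webid"  # hypothetical rel; the post names none

def webfinger_url(address):
    """Webfinger (RFC 7033) query URL for an e-mail address, HTTPS only."""
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        raise ValueError("not an e-mail address")
    return f"https://{domain}/.well-known/webfinger?resource={quote('acct:' + address, safe='')}"

def profile_from_jrd(jrd_text, address):
    """Return the WebID profile URL, rejecting answers about another account."""
    jrd = json.loads(jrd_text)
    if jrd.get("subject") != "acct:" + address:
        raise ValueError("JRD subject does not match the queried address")
    for link in jrd.get("links", []):
        href = link.get("href", "")
        if link.get("rel") == WEBID_REL and urlsplit(href).scheme == "https":
            return href
    raise LookupError("no HTTPS WebID profile link")

def key_from_profile(turtle):
    """Extract (modulus, exponent); regexes stand in for a real RDF parser."""
    mod = re.search(r'cert:modulus\s+"([0-9a-fA-F]+)"\^\^xsd:hexBinary', turtle)
    exp = re.search(r"cert:exponent\s+(\d+)", turtle)
    if not (mod and exp):
        raise LookupError("no RSA key in profile")
    return int(mod.group(1), 16), int(exp.group(1))

def check_pin(pins, address, key):
    """Trust on first use: False means the published key changed since last seen."""
    fingerprint = hashlib.sha256(f"{key[0]:x}:{key[1]}".encode()).hexdigest()
    return pins.setdefault(address, fingerprint) == fingerprint

# Constructed sample data (toy modulus, not a usable key).
SAMPLE_JRD = json.dumps({"subject": "acct:bob@example.org", "links": [
    {"rel": "http://webfinger.net/rel/profile-page", "href": "https://example.org/bob"},
    {"rel": WEBID_REL, "href": "https://example.org/bob/card#me"}]})
SAMPLE_PROFILE = """<#me> cert:key [ a cert:RSAPublicKey ;
    cert:modulus "c0ffee01"^^xsd:hexBinary ; cert:exponent 65537 ] ."""

if __name__ == "__main__":
    pins = {}
    print(webfinger_url("bob@example.org"))
    print(profile_from_jrd(SAMPLE_JRD, "bob@example.org"))
    key = key_from_profile(SAMPLE_PROFILE)
    print(key, check_pin(pins, "bob@example.org", key))
```

A `False` from `check_pin` is the point at which a mail client should stop and ask the user before encrypting to, or accepting a signature from, the newly published key.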