- From: Henry Story <henry.story@bblfish.net>
- Date: Wed, 26 Jan 2011 11:52:07 +0100
- To: Daniël Bos (远洋) <corani@gmail.com>
- Cc: FOAF Protocols <foaf-protocols@lists.foaf-project.org>, public-xg-webid@w3.org
That is a good use case Daniel. At a later stage one could imagine even being able to avoid WebFinger by having a new e-mail header such as Sent-by-WebID: . For the WebID spec it raises the question whether one might not need to publish one's public keys even after they have expired - (one lost one's public key or something). For example if someone sent me an e-mail on a certain date that he signed I might still want to verify his signature. His public key could be thought as being valid until a certain date. [ something to add to the issues list ? ] As far as making e-mail safer, the foaf-protocols list came up with a RESTful solution, that in my view would bypass the need to do anything to the slow moving clients, and could even help us put an end to e-mail completely. The idea is simply to think of blog entries as e-mails written to the world. If you add access control to a blog entry so that only one person can read it, and you find a way to ping them using http://esw.w3.org/Pingback perhaps, then they can come and read their mail. You need only then add an SMTP to RESTful mail proxy, and you could read your RESTful mail with a normal mail client. See the thread: http://markmail.org/thread/zi546wy4x6avbbff Those solutions are not exclusive of course. Henry On 26 Jan 2011, at 07:55, Daniël Bos (远洋) wrote: > I just wanted to share an idea I had recently: > > A couple of months ago it was shown on the list how a WebID > certificate could be transformed into a PGP key-pair (I believe by > Nathan). At the time I didn't pay a lot of attention to it, because > using PGP is a bit of a pain in the b*tt because of the whole key > distribution problem. Recently, however, I had a bit of an epiphany on > how this could be made completely transparent and much more > user-friendly. (I wrote up a blog post at: > http://blog.loadingdata.nl/2011/01/secure-e-mail-using-webid/) > > What if we'd mix in a bit of Webfinger, and use the WebID profile as a > way to get to someone's public key? When composing an email, upon > entering the recipients email address, a smart email application can > go off to do a Webfinger lookup and find the link to the user's WebID > profile. From this profile it can find the recipients public key, > which may be used to encrypt the message. On the other hand it can use > it's own private key to sign the message, while the recipient can use > the senders address to do the same lookup to get to the senders public > key for verification. > > Now you can not only send email securely and private, but you can also > use other information from a user's WebID profile to make the whole > email experience a lot better. (collate messages from various email > addresses under the same user, use the depiction, use address and > birthday, take advantage of the social graph to partition email, etc.) > > -- > 远洋 / Daniël Bos > > email : corani@gmail.com > phone : +31-318-711063 (Dutch) / +86-18-701330735 (Chinese) > weblog : http://blog.loadingdata.nl/ > ostatus: corani@status.loadingdata.nl > _______________________________________________ > foaf-protocols mailing list > foaf-protocols@lists.foaf-project.org > http://lists.foaf-project.org/mailman/listinfo/foaf-protocols Social Web Architect http://bblfish.net/
Received on Wednesday, 26 January 2011 10:52:43 UTC