Re: [foaf-protocols] Secure Email using WebID and Webfinger

I'm noticing that folks generally are "failing to explain" how the ssl server verifies that the graph in the asserted foaf card (with the rsa keying material) is bound to the user who just performed ssl client auth.

On Jan 25, 2011, at 10:55 PM, Daniël Bos (远洋) <> wrote:

> I just wanted to share an idea I had recently:
> A couple of months ago it was shown on the list how a WebID
> certificate could be transformed into a PGP key-pair (I believe by
> Nathan). At the time I didn't pay a lot of attention to it, because
> using PGP is a bit of a pain in the b*tt because of the whole key
> distribution problem. Recently, however, I had a bit of an epiphany on
> how this could be made completely transparent and much more
> user-friendly. (I wrote up a blog post at:
> What if we'd mix in a bit of Webfinger, and use the WebID profile as a
> way to get to someone's public key? When composing an email, upon
> entering the recipients email address, a smart email application can
> go off to do a Webfinger lookup and find the link to the user's WebID
> profile. From this profile it can find the recipients public key,
> which may be used to encrypt the message. On the other hand it can use
> it's own private key to sign the message, while the recipient can use
> the senders address to do the same lookup to get to the senders public
> key for verification.
> Now you can not only send email securely and private, but you can also
> use other information from a user's WebID profile to make the whole
> email experience a lot better. (collate messages from various email
> addresses under the same user, use the depiction, use address and
> birthday, take advantage of the social graph to partition email, etc.)
> -- 
> 远洋 / Daniël Bos
> email  :
> phone  : +31-318-711063 (Dutch) / +86-18-701330735 (Chinese)
> weblog :
> ostatus:
> _______________________________________________
> foaf-protocols mailing list

Received on Wednesday, 26 January 2011 17:06:34 UTC