W3C home > Mailing lists > Public > public-xg-webid@w3.org > June 2011

gmail names, trust list limits

From: Peter Williams <home_pw@msn.com>
Date: Wed, 15 Jun 2011 11:17:16 -0700
Message-ID: <SNT143-w20C856293C67DAA71BE507926B0@phx.gbl>
To: "public-xg-webid@w3.org" <public-xg-webid@w3.org>

Now, for some sites including Gmail, Chrome only can obtain certificates originating only from a short list of providers, not from the hundreds available on the global Internet. That list includes Verisign, Google Internet Authority, Equifax, and GeoTrust, according to a blog post by Adam Langley, a Google programmer. He adds that the list is visible in Chrome's source code. 

Read more: http://news.cnet.com/8301-30685_3-20071239-264/chrome-encrypts-gmail-whether-you-want-it-or-not/#ixzz1PMwXkrTM
concerning the above "invention", its long been possible using standards (vs propreitary techniques) to bind a naming authority (and thus its registered names) to a list of CA which are entitled to further bind pubkeys to those (registered) names.
This is just the speaksFor relation, expressed in some implementation method (ssl, and bits and bytes of certs/DNS, etc)
Now, as I think we ALL finally know, the last 10 years of https has been a duplicitous affair - in which corporate or ISPs could introduce certs into browser trusted - speaking for any given domain name. The browser vendor controls the speaksFor relations components, that is - not the user.
What is going to be interesting, as the UCI space of webid plays against the corporate/national interest space of Google (et al), is whether the browser technology that decide WHO is (also) entitled to speakFor a namespace can be opened up - so that in addition to projecting Google-policy over trust for certain namespaces, the same enforcement techniques can be used by others - to im plemnet their own projections (for their own namespaces).
Looking for the middle ground between the corporate and individual interests, recognizing both have something to win in a partnership, I could live with google controlling gmail namespace, if the same level of assurance enabled me to - automous of Google's empire -  similarly control my namespaces. The social trick will be to ensure (since is a US company) that it has not at some level sought to retain some right of control or otherwise govern how I operate, when using its browser.
(It was fun to be reading all about 1930s tubes recently, where on saw restrictive licenses (of the say) - limiting the USE of the tube. It wasnt seen as a commodity component, but as a value-component - in which its value was a function of the use made.)
Im hoping that after the recent conferences, folks are moving beyond research - wanting to fit in with what the internet vendors are doing in identity. to have any impact, this is going to mean bringing some value, and living with some of the tradeoffs. Im hoping folks are seeing that the world revolution around webid probably dont happen, by itself. The t echniques will have to be "applied" and "harmonized" with "legacy" id management if there is to be a result beyond research papers and 3 person pilots. 		 	   		  
Received on Wednesday, 15 June 2011 18:17:44 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:39:45 UTC