Re: cert:fingerprint ?

On 22 Nov 2011, at 17:25, Kingsley Idehen wrote:

> To cut a long story short, please look at: http://id.myopenlink.net/describe/?uri=http%3A%2F%2Fwww.openlinksw.com%2Fschemas%2Fcert%23Certificate . Follow the links.

Feature request for /describe: show, in a copy & pastable form, the ACTUAL URL. I’m sure I’m not the only one who finds it easier to read an RDF document than poking through that tabular interface.

I did follow the links, and I'm none the wiser as to what it is you're trying to show me.

<http://www.openlinksw.com/schemas/cert> tells me even *less* about what constitutes a fingerprint than WOT does? it's just… a string which happens to be attached to a certificate?

> We are using the Fingerprint as an optional alternative to looking up modulus and exponent. WebID adds "mirrored claims" to the mix re. TLS handshake. I believe modulus and exponent where initially choosen for this "mirrored claims" lookup on the basis of being the critical part of the security token used for the successful handshake. We've opted to add fingerprints to the mix since they are more compact and enable use leverage existing platforms like Twitter re. WebID publication.

How does (as a user) Twitter use fingerprints? It's never asked me for a key, nor to my knowledge published one on my behalf? I am mystified.

Your original point was "there's conflation between certs and keys going on", which I don't doubt — because everything which talks about 'fingerprints' tends to not specify *what* binary data is being hashed and how, but all of the real-world uses of fingerprints in their various guises seem to be key-oriented, not cert-oriented, even if they pretend otherwise by being attached to certificates and certificate-related things.

M.

-- 
Mo McRoberts - Technical Lead - The Space,
0141 422 6036 (Internal: 01-26036) - PGP key CEBCF03E,
Project Office: Room 7083, BBC Television Centre, London W12 7RJ

Received on Tuesday, 22 November 2011 17:54:53 UTC