Re: Getting Serious about WebID Bootstrap

On 10/1/12 7:52 AM, David Chadwick wrote:
> Hi Kingsley
>
> On 30/09/2012 18:20, Kingsley Idehen wrote:
>> On 9/30/12 2:54 AM, David Chadwick wrote:
>>> Hi Bart
>>>
>>> I was not able to validate your certificate with Thunderbird. The
>>> certificate issuer (O=netage) is not trusted. Also there was no self
>>> signed CA certificate displayed to me by Thunderbird, so I cannot tell
>>> whether you included this in your certificate chain or not. I suspect
>>> not.
>>>
>>> After exporting your cert to a file, it was not possible to import it
>>> into either Thunderbird or Firefox as the signer is unknown and
>>> untrusted. So I am not able to validate your signed message
>>
>> The problem here is that Thunderbird just another example of a tool with
>> poor UX. It is still hardwired to the flaw and centralized CA (cert.
>> authority) network. A modern UX will let the user decide if they want to
>> trust an identity or not. This is what you see on iOS, for instance.
>> Ditto if using Mac Mail.
>>
>> Back to WebID and Thunderbird, even if you have a "?" (or some other UI
>
> Worse than that, its a big red cross X

I've come to accept that big red cross as meaning: awesome ! :-)
>
>> cue that warns you about the senders cert.) the real value lies in being
>> able to view the (artificially questionable) certificate en route to
>> locating the WebID embedded in the SAN (Subject Alternative Name) slot.
>> Once you locate the WebID (which is just a Personal de-referencable URI)
>> simply cut and paste to your browser and the full effect manifests :-)
>
> But you are correct. Cutting and pasting the SAN URL into a browser 
> does bring up everything about your web id

Yep! And that's the magic. "You"  (not a warped email client) determines 
where such an email ends up.

It gets much more interesting when IMAP4+WebID is added to the mix which 
I'll hone into next.


Kingsley
>
> regards
>
> David
>
>>
>> Kingsley
>>>
>>> regards
>>>
>>> David
>>>
>>>
>>>
>>> On 29/09/2012 09:43, Bart van Leeuwen wrote:
>>>> Hi Kingsley,
>>>>
>>>> You are right ! we need to start using it ourselves as well !
>>>>
>>>> I'm sending this message with Lotus Notes 8.5 and signed it with my
>>>> WebID certificate.
>>>>
>>>> The only 'issue' I had was that the webid certificate should include a
>>>> certification chain, I used XCA on linux to create a selfsigned CA and
>>>> then created a WebID certificate with that.
>>>> Exported the certificate as PKCS#12 format with keychaing and used the
>>>> following guide to import it.
>>>>
>>>> http://www.oreillynet.com/sysadmin/blog/2005/08/sending_smime_encryptedsigned.html 
>>>>
>>>>
>>>>
>>>>
>>>> Met Vriendelijke Groet / With Kind Regards
>>>> Bart van Leeuwen
>>>> @semanticfire
>>>>
>>>> ##############################################################
>>>> # netage.nl
>>>> # http://netage.nl <http://netage.nl/>
>>>> # Enschedepad 76
>>>> # 1324 GJ Almere
>>>> # The Netherlands
>>>> # tel. +31(0)36-5347479
>>>> ##############################################################
>>>>
>>>>
>>>>
>>>> From: Kingsley Idehen <kidehen@openlinksw.com>
>>>> To: "public-rww@w3.org" <public-rww@w3.org>, WebID XG
>>>> <public-xg-webid@w3.org>,
>>>> Date: 28-09-2012 13:37
>>>> Subject: Getting Serious about WebID Bootstrap
>>>> ------------------------------------------------------------------------ 
>>>>
>>>>
>>>>
>>>>
>>>> All,
>>>>
>>>> Bootstrapping anything on the Web requires technology implementer 
>>>> to use
>>>> (dog-food) whatever technology they seek to promote to others. Thus, I
>>>> would like to encourage every participant in the RWW and WebID 
>>>> community
>>>> groups to make a best-effort to start signing emails, moving forward.
>>>>
>>>> Naturally, these emails should be signed using an WebID watermarked
>>>> X.509 certificate. Certificate generation choices include:
>>>>
>>>> 1. Native generators that come with your desktop OS -- Mac OS X,
>>>> Windows, and Linux all include such a utility
>>>> 2. Certificate generators from WebID IdPs -- I have a list here:
>>>> http://delicious.com/kidehen/webid+webid_idp(ping me if you have a
>>>> generator that's unlisted) .
>>>>
>>>> Over the last year or so, I've written a number of how-to guides [1]
>>>> covering how to sign emails across all the major native email clients.
>>>>
>>>> Once again, if we don't sign our emails we loose a simple 
>>>> opportunity to
>>>> showcase the utility of WebIDs and the WebID authentication protocol.
>>>> Being able to follow-your-nose from a WebID that watermarks an email
>>>> senders certificate is a very simple utility showcase for both 
>>>> WebID and
>>>> Linked Data.
>>>>
>>>> We can do this!
>>>>
>>>> Links:
>>>>
>>>> 1. http://bit.ly/VTnxzz-- collection of G+ hosted howtos (for all the
>>>> major native email clients) covering how to digitally sign emails .
>>>>
>>>> -- 
>>>>
>>>> Regards,
>>>>
>>>> Kingsley Idehen
>>>> Founder & CEO
>>>> OpenLink Software
>>>> Company Web: http://www.openlinksw.com <http://www.openlinksw.com/>
>>>> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
>>>> Twitter/Identi.ca handle: @kidehen
>>>> Google+ Profile: https://plus.google.com/112399767740508618350/about
>>>> LinkedIn Profile: http://www.linkedin.com/in/kidehen
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>


-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen