- From: Benjamin Nowack <bnowack@semsol.com>
- Date: Fri, 28 Mar 2008 14:15:41 +0100
- To: Renato Golin <renato@ebi.ac.uk>
- Cc: Story Henry <henry.story@bblfish.net>, Semantic Web <semantic-web@w3.org>, foaf-dev of a Friend <foaf-dev@lists.foaf-project.org>

On 28.03.2008 12:52:15, Renato Golin wrote:
>
>Benjamin Nowack wrote:
>> Hmm, ok, but wouldn't users also have to upload a private key
>> to my server? And my app would have to send the private key
>> to the encryption service, which I guess isn't too cool either.
>
>Absolutely not! That's not acceptable under any circumstances,
>especially when designing a (secure) authentication system... ;)

OK, that's what I thought, too. So, PGP can't be a prerequisite
for RDFAuth running on web servers.

>Your private key remains in your machine always because only you can
>start requests with your private key anyway. There are some key managers
>on KDE and Gnome and Thunderbird as well.

OK, then it won't work for RDFAuth where the requests are done by
automated server scripts, unless we generate additional, temporary
key pairs that are used only by an RDFAuth app. But then we run
into sync/cache issues, I guess.

Benji

>
>cheers,
>--renato
>

--
Benjamin Nowack
http://bnode.org/

Received on Friday, 28 March 2008 13:16:14 UTC