- From: Renato golin <renato@ebi.ac.uk>
- Date: Fri, 28 Mar 2008 15:27:03 +0000
- To: bnowack@semsol.com
- CC: Story Henry <henry.story@bblfish.net>, foaf-dev of a Friend <foaf-dev@lists.foaf-project.org>, Semantic Web <semantic-web@w3.org>

Benjamin Nowack wrote:

> A [resource server] could of course always reject non-PGP-encrypted
> tokens, or PGP-encrypted tokens. After all, it's the [resource server]'s
> decision what to accept. RDFAuth-wise, we just have to make sure that
> both methods can be implemented easily.

As it happens today with SMTP/IMAP/POP, you can authenticate or not through several different schemes without losing functionality. It's up to the server to define what's acceptable and what's not.

Google's IMAP is authenticated and works through SSL and I didn't lose a single feature I wanted, so I guess we can always define several layers of security which can be implemented but limit this number to a minimum (none, minimal and secure) to avoid creating too many standards.

Again, PGP is not unique, fail-proof nor fool-proof as we well know, but it's one of the standards... If we are to create a new standard for sharing keys we must have a hell of an excuse to do so and even then I would rather bug off the GPG guys to change it than re-write it myself.

cheers,
--renato

Received on Friday, 28 March 2008 15:27:53 UTC