Re: RDFAuth: an initial sketch

Benjamin Nowack wrote:
> A [resource server] could of course always reject non-PGP-encrypted 
> tokens, or PGP-encrypted tokens. After all, it's the [resource server]'s 
> decision what to accept. RDFAuth-wise, we just have to make sure that
> both methods can be implemented easily.

As it happens today with SMTP/IMAP/POP you can authenticate or not 
through several different schemes without losing functionality. It's up 
to the server to define what's acceptable and what's not.

Google's IMAP is authenticated and works through SSL and I didn't lose a 
single feature I wanted, so I guess we can always define several layers 
of security which can be implemented but limit this number to a minimum 
(none, minimal and secure) to avoid creating too many standards.

Again, PGP is not unique, fail-proof nor fool-proof as we well know, but 
it's one of the standards... If we are to create a new standard for 
sharing keys we must have a hell of an excuse to do so and even then I 
would rather bug off the GPG guys to change it than re-write it myself.

cheers,
--renato

Received on Friday, 28 March 2008 15:27:53 UTC