ISSUE-54: relation between X509 certificates and WebID

self-signed

relation between X509 certificates and WebID

State:
RAISED
Product:
WebID-authn-TLS-spec
Raised by:
Henry Story
Opened on:
2011-04-18
Description:
Does WebId authentication come in addition to X509 Certificates? How do the two interact? Can one have self signed certificates?

A long thread on this entitled "self-signed" covered this in detail. It started with a request to understand why a particular self signed certificate failed.

http://lists.w3.org/Archives/Public/public-xg-webid/2011Apr/0186.html

It turned out this was due to Apache by default not letting certificates through with extensions marked critical

http://lists.w3.org/Archives/Public/public-xg-webid/2011Apr/0217.html

Though this can be turned off by recompiling apache as explained in

http://lists.w3.org/Archives/Public/public-xg-webid/2011Apr/0207.html

This lead to the question of how X509 certificates relate to WebID:

- Peter Williams explores this where he raises the questions
http://lists.w3.org/Archives/Public/public-xg-webid/2011Apr/0253.html
- Henry Story argues they are orthogonal and complimentary
http://lists.w3.org/Archives/Public/public-xg-webid/2011Apr/0266.html

A discussion on this issue of self signed certificates also is going on on the Dane list of which a recent message "5280 and self-signed ee certs"
http://www.ietf.org/mail-archive/web/dane/current/msg02452.html

The W3C mentions self-signed certs in the section "Self-signed Certificates and Untrusted Root Certificates" in the "Web Security Context: User Interface Guidelines"

http://www.w3.org/TR/wsc-ui/#selfsignedcerts

Language may be needed to be added to the spec to digest this.
Related Actions Items:
No related actions
Related emails:
  1. Re: Should we employ WebID authentication only with Self-signed certificates? (from yunus@yanis.co on 2013-02-07)
  2. Re: Should we employ WebID authentication only with Self-signed certificates? (from henry.story@bblfish.net on 2013-02-01)
  3. Re: Should we employ WebID authentication only with Self-signed certificates? (from yunus@yanis.co on 2013-02-01)
  4. Re: Should we employ WebID authentication only with Self-signed certificates? (from henry.story@bblfish.net on 2013-02-01)
  5. Re: Should we employ WebID authentication only with Self-signed certificates? (from henry.story@bblfish.net on 2013-02-01)
  6. Re: Should we employ WebID authentication only with Self-signed certificates? (from yunus@yanis.co on 2013-02-01)
  7. Re: Should we employ WebID authentication only with Self-signed certificates? (from henry.story@bblfish.net on 2013-01-31)
  8. WebID-ISSUE-54 (bblfish): relation between X509 certificates and WebID [WebID Spec] (from sysbot+tracker@w3.org on 2011-04-18)

Related notes:

No additional notes.

Display change log ATOM feed

Henry Story <Henry.Story@bblfish.net>, Chair, Dominique Hazaƫl-Massieux <dom@w3.org>, Staff Contact
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 54.html,v 1.1 2019/12/03 13:25:10 carcone Exp $