ISSUE-54: relation between X509 certificates and WebID
self-signed
relation between X509 certificates and WebID
- State:
- RAISED
- Product:
- WebID-authn-TLS-spec
- Raised by:
- Henry Story
- Opened on:
- 2011-04-18
- Description:
- Does WebId authentication come in addition to X509 Certificates? How do the two interact? Can one have self signed certificates?
A long thread on this entitled "self-signed" covered this in detail. It started with a request to understand why a particular self signed certificate failed.
http://lists.w3.org/Archives/Public/public-xg-webid/2011Apr/0186.html
It turned out this was due to Apache by default not letting certificates through with extensions marked critical
http://lists.w3.org/Archives/Public/public-xg-webid/2011Apr/0217.html
Though this can be turned off by recompiling apache as explained in
http://lists.w3.org/Archives/Public/public-xg-webid/2011Apr/0207.html
This lead to the question of how X509 certificates relate to WebID:
- Peter Williams explores this where he raises the questions
http://lists.w3.org/Archives/Public/public-xg-webid/2011Apr/0253.html
- Henry Story argues they are orthogonal and complimentary
http://lists.w3.org/Archives/Public/public-xg-webid/2011Apr/0266.html
A discussion on this issue of self signed certificates also is going on on the Dane list of which a recent message "5280 and self-signed ee certs"
http://www.ietf.org/mail-archive/web/dane/current/msg02452.html
The W3C mentions self-signed certs in the section "Self-signed Certificates and Untrusted Root Certificates" in the "Web Security Context: User Interface Guidelines"
http://www.w3.org/TR/wsc-ui/#selfsignedcerts
Language may be needed to be added to the spec to digest this. - Related Actions Items:
- No related actions
- Related emails:
- Re: Should we employ WebID authentication only with Self-signed certificates? (from yunus@yanis.co on 2013-02-07)
- Re: Should we employ WebID authentication only with Self-signed certificates? (from henry.story@bblfish.net on 2013-02-01)
- Re: Should we employ WebID authentication only with Self-signed certificates? (from yunus@yanis.co on 2013-02-01)
- Re: Should we employ WebID authentication only with Self-signed certificates? (from henry.story@bblfish.net on 2013-02-01)
- Re: Should we employ WebID authentication only with Self-signed certificates? (from henry.story@bblfish.net on 2013-02-01)
- Re: Should we employ WebID authentication only with Self-signed certificates? (from yunus@yanis.co on 2013-02-01)
- Re: Should we employ WebID authentication only with Self-signed certificates? (from henry.story@bblfish.net on 2013-01-31)
- WebID-ISSUE-54 (bblfish): relation between X509 certificates and WebID [WebID Spec] (from sysbot+tracker@w3.org on 2011-04-18)
Related notes:
No additional notes.
Display change log