[foaf-dev] RDFAuth_Sketch: what are we trying to solve

Story Henry henry.story at bblfish.net
Tue Apr 1 14:48:53 BST 2008


On 1 Apr 2008, at 15:22, Anthony Steele wrote:
> Story Henry wrote:
>
> > But instead of requiring an Identity server we use
>> PGP asymmetric key cryptography to identify the User Agent Owner.
>
> A point of order: In this context, PGP stands for "Pretty Good  
> Privacy".  It is a particular implementation, albeit a  
> groundbreaking one.  GPG (http://gnupg.org/ ) is another. I don't  
> want to be tied to an implementation when I can use standards.

Yes quite right. I was thinking of any algorithm that would use public  
key encryption, and that would allow a public key to be safely  
published on the web.

As with HTTPS I can imagine that a good protocol would be flexible as  
to which algorithm to use.
Toby Inkster had a some interesting thoughts on how this could relate  
to https

   http://www.w3.org/mid/62649.81.2.120.180.1206622777.squirrel@goddamn.co.uk

Henry


> I see from Wikipedia (http://en.wikipedia.org/wiki/ 
> Pretty_Good_Privacy )
> that the relevant standard for public-key cryptography is rfc4880 (http://tools.ietf.org/html/rfc4880 
>  )
>
> If this would be easier to implement for me over openId/OAuth  
> depends on the availability of libraries. I haven't had time to look  
> into this or the technical merits of the solution yet.
>
> Anthony

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2429 bytes
Desc: not available
Url : http://lists.usefulinc.com/pipermail/foaf-dev/attachments/20080401/dfaba034/smime.bin


More information about the foaf-dev mailing list