[foaf-protocols] elliptic curve certs?

Melvin Carvalho melvincarvalho at gmail.com
Sun Dec 19 20:43:46 CET 2010


On 19 December 2010 20:10, peter williams <home_pw at msn.com> wrote:
> Folks just had the usual debate on: should the protocol formulation require
> only 1 scheme for linked data (promoting minimum interoperability) or
> encourage a smorgasbord of solutions?
>
>
>
> As I could not fathom the answer this time any better than the last 1000
> time I saw the same thread, I’m just going to assume that the id cards are
> our HTML homepages, marked up with RDFa micro-tags. The RDFa is easy enough
> for me to use, and is structured enough for computers to process rigorously.
>
>
>
> Now, the topic of public key crypto has also come up. According to some,
> some of its patents and patent history fundamentally biased the web. Though
> I know that is not true, it’s irrelevant. At the same time, patents did
> enable the RSA element of the public key cipering world to become very
> widely used, except in US government and similar circles.
>
>
>
> Do we/you want the RSA assumption to carry forward? Should there be real
> consideration of other schemes, based on elliptic curves, for example? Will
> DNSsec be using RSA for our naming recordations? Should WebID client certs
> be specifically not RSA, if DNSsec is – so to do some disaster preparedness
> for the inevitable crypto emergency?
>
>
>
> It’s not really for the incubator to decide these question; but it is
> appropriate to question the presumptions we/you may have. It’s not really in
> the scope of the incubator to plan a national or trans-national
> infrastructure; and neither does the scope address “critical infrastructure”
> requirements. At the same, one has to recognize that the web is big; and the
> group intends the WebID to be as big as SSL.
>
>
>
> With little doubt, SSL is already a trans-national infrastructure. I would
> not want to carry forward some of the foibles present in today’s
> crypto-based identity. Some of the foibles are due to nature of RSA and its
> patent history; and thus its worth considering : has RSA had its moment of
> glory?

I think it could eventually be extensible like XMLSig KeyInfo?

The following list summarizes the KeyInfo types that are allocated an
identifier in the &dsig; namespace; these can be used within the
RetrievalMethod Type attribute to describe a remote KeyInfo structure.

    * http://www.w3.org/2000/09/xmldsig#DSAKeyValue
    * http://www.w3.org/2000/09/xmldsig#RSAKeyValue
    * http://www.w3.org/2000/09/xmldsig#X509Data
    * http://www.w3.org/2000/09/xmldsig#PGPData
    * http://www.w3.org/2000/09/xmldsig#SPKIData
    * http://www.w3.org/2000/09/xmldsig#MgmtData

In addition to the types above for which we define an XML structure,
we specify one additional type to indicate a binary (ASN.1 DER) X.509
Certificate.

    * http://www.w3.org/2000/09/xmldsig#rawX509Certificate

Not sure how much will be in scope tho.
>
> _______________________________________________
> foaf-protocols mailing list
> foaf-protocols at lists.foaf-project.org
> http://lists.foaf-project.org/mailman/listinfo/foaf-protocols
>


More information about the foaf-protocols mailing list