[foaf-protocols] elliptic curve certs?

peter williams home_pw at msn.com
Sun Dec 19 21:34:37 CET 2010


This is the pat answer only (specify lots of options, just like SAML did -
most of which NO ONE uses).

What I want folks to do is have a long hard think about RSA itself.

RSA is/was a political animal. On the one hand, its nature broke the power
of the crypto-elites (note to self, must stop reading conspiracy sites).
But, having broken that grip (which was simply out of date), a little
maturity might be in order.

If webid stays out of the encryption wars, and is JUST about URI dereferencing
(and all that that entails)... then perhaps one picks a scheme AS THE
BASELINE that does NOT automatically re-start the polemics. There is an
opportunity to change the nature of the crypto-politics, away from the
now rather "tedious" cypherpunks agenda.

Remember, I'm hoping that W3C brings something that forums were not able to
bring before - even though they have been at it for 20+ years. There is a
trust opportunity for W3C I think ...as it reforms itself under its new
management style. It can do things that ITU or IETF just cannot do, because
they are too tied to their constituencies. One can start by challenging some
of the assumptions.




-----Original Message-----
From: Melvin Carvalho [mailto:melvincarvalho at gmail.com] 
Sent: Sunday, December 19, 2010 11:44 AM
To: peter williams
Cc: foaf-protocols at lists.foaf-project.org
Subject: Re: [foaf-protocols] elliptic curve certs?

On 19 December 2010 20:10, peter williams <home_pw at msn.com> wrote:
> Folks just had the usual debate on: should the protocol formulation 
> require only 1 scheme for linked data (promoting minimum 
> interoperability) or encourage a smorgasbord of solutions?
>
>
>
> As I could not fathom the answer this time any better than the last
> 1000 times I saw the same thread, I'm just going to assume that the id
> cards are our HTML homepages, marked up with RDFa micro-tags. The RDFa
> is easy enough for me to use, and is structured enough for computers to
> process rigorously.
>
>
>
> Now, the topic of public key crypto has also come up. According to
> some, some of its patents and patent history fundamentally biased the
> web. Though I know that is not true, it's irrelevant. At the same
> time, patents did enable the RSA element of the public key ciphering
> world to become very widely used, except in US government and similar
> circles.
>
>
>
> Do we/you want the RSA assumption to carry forward? Should there be 
> real consideration of other schemes, based on elliptic curves, for 
> example? Will DNSsec be using RSA for our naming recordations? Should 
> WebID client certs be specifically not RSA, if DNSsec is - so to do 
> some disaster preparedness for the inevitable crypto emergency?
>
>
>
> It's not really for the incubator to decide these questions; but it is
> appropriate to question the presumptions we/you may have. It's not
> really in the scope of the incubator to plan a national or
> trans-national infrastructure; and neither does the scope address
> "critical infrastructure" requirements. At the same time, one has to
> recognize that the web is big; and the group intends the WebID to be
> as big as SSL.
>
>
>
> With little doubt, SSL is already a trans-national infrastructure. I
> would not want to carry forward some of the foibles present in today's
> crypto-based identity. Some of the foibles are due to the nature of RSA
> and its patent history; and thus it's worth considering: has RSA had
> its moment of glory?

I think it could eventually be extensible like XMLSig KeyInfo?

The following list summarizes the KeyInfo types that are allocated an
identifier in the &dsig; namespace; these can be used within the
RetrievalMethod Type attribute to describe a remote KeyInfo structure.

    * http://www.w3.org/2000/09/xmldsig#DSAKeyValue
    * http://www.w3.org/2000/09/xmldsig#RSAKeyValue
    * http://www.w3.org/2000/09/xmldsig#X509Data
    * http://www.w3.org/2000/09/xmldsig#PGPData
    * http://www.w3.org/2000/09/xmldsig#SPKIData
    * http://www.w3.org/2000/09/xmldsig#MgmtData

In addition to the types above for which we define an XML structure, we
specify one additional type to indicate a binary (ASN.1 DER) X.509
Certificate.

    * http://www.w3.org/2000/09/xmldsig#rawX509Certificate

Not sure how much will be in scope tho.