[foaf-protocols] FOAF+SSL and root certificates
elfarto at elfarto.com
Fri Feb 12 14:50:22 CET 2010
I've been following FOAF+SSL for a while now, and I have a question.
Was there any consensus on the creation of a root certificate/CA for
I ask because the current state of allowing any installed certificate to
be sent could be confusing to users. As it is, my myopenid.com certificate
shows up when using a FOAF+SSL site. This certificate clearly won't work,
so it shouldn't be shown.
Creating a root certificate would make things much clearer, and allow
browsers to provide a better interface when dealing with these
certificates (ala Microsoft's CardSpace GUI), and also provide better
security by offering to password protect the certificate when storing it.
I would create a root certificate (valid for a very long time as it isn't
really being used for security) and a website to sign any CSRs (I wouldn't
go as far as to publish the private key, that just doesn't seem right to
Does anyone have any thoughts on this?
(ps. please CC me in on responses, as I'm not subscribed)
More information about the foaf-protocols