[foaf-protocols] FOAF+SSL and root certificates
Stephen Dawkins
elfarto at elfarto.com
Fri Feb 12 14:50:22 CET 2010
Hi All,

I've been following FOAF+SSL for a while now, and I have a question.
Was there any consensus on the creation of a root certificate/CA for
FOAF+SSL certificates?

I ask because the current state of allowing any installed certificate to
be sent could be confusing to users. As it is, my myopenid.com certificate
shows up when using a FOAF+SSL site. This certificate clearly won't work,
so it shouldn't be shown.

Creating a root certificate would make things much clearer, and allow
browsers to provide a better interface when dealing with these
certificates (à la Microsoft's CardSpace GUI), and also provide better
security by offering to password-protect the certificate when storing it.

I would create a root certificate (valid for a very long time as it isn't
really being used for security) and a website to sign any CSRs (I wouldn't
go as far as to publish the private key; that just doesn't seem right to
me).

Does anyone have any thoughts on this?

Regards,
Stephen

(PS: please CC me in on responses, as I'm not subscribed)