[foaf-protocols] DNSSEC and RFC4255

Henry Story henry.story at gmail.com
Wed Jul 14 15:18:49 CEST 2010


On 14 Jul 2010, at 13:50, Mischa Tuffield wrote:

> Hello, 
> 
> So I am aware that the DNSSEC[1] has been agreed/finalised (whatever the correct terminology is),

Yes, and it is being deployed this summer in some major ways.


> and the way this can be used to work as a PKI[2] via the adoption of RFC4255 [3]. So, as far as I can tell this means that one could start securing communications to their domain via https, using their ssh key fingerprint, which is in turn propagated through the web via DNSSEC (or something). Naïvely, that means that we will no longer need to give monies to CAs (companies) to have signed certs. 

Indeed we had a couple of threads on this subject earlier this year
"DNSSEC update and client side certificates"

http://foaf.markmail.org/thread/6mavqww3d6oii4dt#query:+page:1+mid:flx33k62zqvagwrs+state:results

But we did not have a link to this particular RFC. Thanks for pointing it out.


> So two things: 
> 
> 1. I wonder if I have got anything wrong above, am I confused about something here?

With RFCs it's difficult to know which is the latest, most up-to-date version for a particular protocol, and which indeed is being adopted. I wonder what Dan thinks of RFC 4255.

> 
> 2. What implications does this have for foaf+ssl? I guess it means that it will be easier to have trusted https based WebIDs such as : https://example.com/person#i ?

Yes, as I understand it, it means that you won't need to go through a Certificate Authority to get a server certificate. It will come with your DNS lookup. This should help deployment a lot.

(This won't stop people inventing more p2p ways of doing server trust, but it certainly removes a very big barrier to deployment.)

> Anyways, I do apologise if I have got any of this wrong, 

The interesting question is, if RFC 4255 is widely accepted, how long it will take browsers to implement it.


> Mischa 
> 
> [1] http://www.dnssec.net/
> [2] http://en.wikipedia.org/wiki/Public_key_infrastructure
> [3] http://tools.ietf.org/html/rfc4255
> ___________________________________
> Mischa Tuffield PhD
> Email: mischa.tuffield at garlik.com
> Homepage - http://mmt.me.uk/
> Garlik Limited, 1-3 Halford Road, Richmond, TW10 6AW
> +44(0)845 645 2824  http://www.garlik.com/
> Registered in England and Wales 535 7233 VAT # 849 0517 11
> Registered office: Thames House, Portsmouth Road, Esher, Surrey, KT10 9AD
> 
> _______________________________________________
> foaf-protocols mailing list
> foaf-protocols at lists.foaf-project.org
> http://lists.foaf-project.org/mailman/listinfo/foaf-protocols
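
Added illustration, not part of the original message or of any foaf+ssl code: the record type RFC 4255 defines is SSHFP, which publishes an algorithm number, a fingerprint type and the SHA-1 hash of an SSH host key blob, and is meant to be trusted only when the DNS answer is DNSSEC-validated. The sample key is constructed, and `host.example` and the `dnssec_validated` flag (standing in for a validating resolver's verdict) are assumptions.

```python
import base64
import hashlib
import hmac
import struct

# RFC 4255 section 3.1: key algorithm numbers and the one fingerprint type it defines.
ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2}
FP_TYPE_SHA1 = 1


def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def sshfp_rdata(pubkey_line: str) -> tuple[int, int, str]:
    """Return (algorithm, fp_type, hex fingerprint) for an OpenSSH public key line."""
    key_type, b64_blob = pubkey_line.split()[:2]
    blob = base64.b64decode(b64_blob, validate=True)
    # The blob names its own key type; refuse a line whose label disagrees.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len].decode("ascii") != key_type:
        raise ValueError("key type label does not match key blob")
    if key_type not in ALGORITHMS:
        raise ValueError(f"{key_type} has no RFC 4255 algorithm number")
    return ALGORITHMS[key_type], FP_TYPE_SHA1, hashlib.sha1(blob).hexdigest()


def host_key_matches(record: str, presented_blob: bytes, dnssec_validated: bool) -> bool:
    """Check a presented host key against 'ALG TYPE HEX' SSHFP record data."""
    if not dnssec_validated:  # unsigned DNS answer: the fingerprint proves nothing
        return False
    alg, fp_type, hex_fp = record.split()
    if int(fp_type) != FP_TYPE_SHA1:
        return False
    (name_len,) = struct.unpack(">I", presented_blob[:4])
    if ALGORITHMS.get(presented_blob[4:4 + name_len].decode("ascii", "replace")) != int(alg):
        return False
    digest = hashlib.sha1(presented_blob).hexdigest()
    return hmac.compare_digest(digest, hex_fp.lower())


# Constructed sample key (not a real host key): exponent 65537 and a dummy modulus.
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + b"\xc3" * 128)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " host.example"

if __name__ == "__main__":
    alg, fp_type, fp = sshfp_rdata(SAMPLE_LINE)
    print(f"host.example. IN SSHFP {alg} {fp_type} {fp}")
```

The fingerprint covers the raw key blob, not the base64 text, so the same key always yields the same record regardless of comment or whitespace in the key file.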