[foaf-protocols] WebID pre-alpha specification (uses RDFa)
henry.story at gmail.com
Fri Jul 16 12:59:42 CEST 2010
(just removed TimBL here, because I am not sure he is going to be that interested in the details of this discussion, given that he has a lot of other things to think about)
On 16 Jul 2010, at 11:51, Melvin Carvalho wrote:
> Just thinking out loud: would something like 2.2.6 cover retreival of a
> public key from a GPG server / mailto URI?
> Note: just saw henry's mail suggesting this is out of scope ...
That is an interesting idea.
The problem there is that I think anyone can just put a PGP on a keyserver with anyone's email address. So that won't work.
The other option for mailto uris is the fingerpoint protocol, but I am not sure how
secure that is - it would be quite easy I suppose for many web sites who don't know about that protocol to not notice that one of their users had access to the special file that is required there...
I think the fingerpoint would work better if they used the accnt: URI scheme, and if that is directly defined as being tied to fingerpoint. In which case fingerpoint is the canonical dereferencing scheme for accnt ids.
Also these are a bit problematic, because I doubt they have thought about https carefully there too.
More information about the foaf-protocols