[foaf-protocols] Fwd: XAuth critiques

David Chadwick d.w.chadwick at kent.ac.uk
Thu Jun 10 12:55:11 CEST 2010



Bruno Harbulot wrote:
>
>>
>> One problem is that browsers, people, and even technical gurus refer to
>> private keys as certificates. They are not, They are separate, and
>> should be treated as such
> 
> That's true. I think experts know what they mean when they say it, 
> though ;-)
> The fundamental problem with use of certificates is to explain this to 
> non-technical users. It would be problematic if people started to send 
> their friends their p12 files if they were asked to send their 
> certificates.

Believe me it already happens. Even computer science students will send 
their p12 files instead of p7 files :-(
This is because they are both referred to as certificates. If the 
private key was referred to as the Pen, and the certificate as the 
Viewer or Spectacles then this would help users to differentiate

regards

David


> 
> 
> Best wishes,
> 
> Bruno.
> 

-- 

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
School of Computing, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************


More information about the foaf-protocols mailing list