[foaf-protocols] Poll on WebID Protocol Ontology Changes

Henry Story henry.story at bblfish.net
Tue Oct 5 23:26:12 CEST 2010


On 5 Oct 2010, at 22:52, Manu Sporny wrote:

> 
> So, are the people that are voting for DER meaning to vote for PEM
> instead? Or do you really mean DER (which is a binary format)?

As I understood it, those voting for DER meant a base64 encoded subset of a DER
certificate, namely only the piece that is the public key, i.e. this piece:

RSAPublicKey ::= SEQUENCE {
    modulus           INTEGER,  -- n
    publicExponent    INTEGER   -- e
}

The idea was that the server receiving this from the Apache server could 
query the RDF graph with a simple ASK SPARQL query in one go using just 
string comparison.

See the thread here:
http://markmail.org/message/pfriwu4vnphh2jsa

Nathan was arguing that that piece is fixed in DER and so one
could then do a string by string comparison. But he was not sure 
if that is true for the full certificate. One would still have to
iterate through all public keys I believe as it is quite likely that
the publisher could add an extra white space or carriage return there.

What Nathan was not so clear about is if a full DER/PEM comparison
could be made between the certificate that came from the server
and the one in the foaf file.

To me the problem of making full certificate comparisons is that you
are losing out on the fact that the real worthwhile thing to compare
is the public key IN the certificate. All the rest is gunk. So there 
is no reason I could not have one public key in my foaf Profile, and then
use that same public/private key to generate a PGP key that would then
also be useful for some other PGP tool. Or that I could use the public/private
key to generate a different certificate.

The danger of putting the certificate in there is that it will
tend to have people think that certificate comparison is what matters,
and so lose sight of a lot of extra flexibility.

Henry
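As an added Python example (not code from the thread or from any WebID implementation), the RSAPublicKey structure quoted above is DER-encoded for a constructed modulus and exponent, base64-encoded as it would be in a profile, and then compared the safe way: decoding both sides and comparing the (modulus, exponent) values rather than the strings, which is what survives the stray whitespace or carriage return mentioned above. The helper names, SAMPLE_N and SAMPLE_E are assumptions, not real key material.

```python
import base64
# Constructed sample values (not a real key): a 2048-bit modulus and e = 65537.
SAMPLE_N = (1 << 2047) | 0x2F5A1D7
SAMPLE_E = 65537

def _der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _der_int(value):
    """DER INTEGER; a leading 0x00 keeps a high-bit value positive."""
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + _der_len(len(body)) + body

def rsa_public_key_der(modulus, exponent):
    """RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }"""
    content = _der_int(modulus) + _der_int(exponent)
    return b"\x30" + _der_len(len(content)) + content

def rsa_public_key_b64(modulus, exponent):
    return base64.b64encode(rsa_public_key_der(modulus, exponent)).decode()

def _read_tlv(buf, pos):
    """Read one tag-length-value triple; returns (tag, value, next position)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length

def parse_rsa_public_key(der):
    """Return (modulus, exponent) from a DER RSAPublicKey, or raise."""
    tag, seq, _ = _read_tlv(der, 0)
    tag_n, n_bytes, pos = _read_tlv(seq, 0)
    tag_e, e_bytes, _ = _read_tlv(seq, pos)
    if tag != 0x30 or tag_n != 0x02 or tag_e != 0x02:
        raise ValueError("not an RSAPublicKey SEQUENCE of two INTEGERs")
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")

def keys_match(published_b64, presented_b64):
    """Compare key values, not strings, so whitespace in the profile literal is harmless."""
    clean = lambda s: base64.b64decode("".join(s.split()))
    return parse_rsa_public_key(clean(published_b64)) == parse_rsa_public_key(clean(presented_b64))
```

Because DER is canonical, the base64 string of the bare key is identical on both sides when no whitespace has crept in, which is what makes the single string-comparison ASK query workable; the decoding comparison is the fallback for the case where it has.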
