[foaf-protocols] PEM certificate- was cert:public_key

Nathan nathan at webr3.org
Wed Oct 6 17:21:46 CEST 2010


Henry Story wrote:
> On 6 Oct 2010, at 16:48, Nathan wrote:
>> I had kind of thought the *whole point* of webid was to give a user a way to prove ownership of a document which describes themselves (their profile) - take that away and we have nothing but TLS, no webid, no webid protocol.
> 
> Indeed! An X.509 certificate is a Profile. It's just encoded in ASN.1 ! In fact I believe you can extend it too. (( So we could create friend relations too there, if anyone has hours to kill. Or perhaps more usefully one could get an OID seeAlso link to point to the foaf))
> 
> But best of all, that PEM file is a signed X.509 certificate! So for those who wanted 
> signed certificates it's all done there.
> 
> Think of the PEM file as a signed profile document with very little information in it, in
> fact exactly the type of certificate some people want to present to the public

??? so why don't you just stick your "profile" in your certificate and 
forget about the URI in subjectAltName bit of it + web mounted 
"profile", no need for it, TLS will give you the cert (profile) and you 
don't need anything else.

It sounds like you've had an epiphany, but I'm not sharing it, from 
above you say "Or perhaps more usefully one could get an OID seeAlso 
link to point to the foaf".. then we'd have to prove the person wrote 
the foaf, so maybe stick the public key in there, maybe swap OID seeAlso 
for SAN and we're back where we are now?

You've gone from not liking ASN.1 / wanting to stay clear of it, to 
swapping RDF for ASN.1 and completely removing the "web of linked data" 
aspect from it, and that's not considering any implications for ACL and 
the like.

Totally bewildered tbh,

Nathan


