[foaf-protocols] Selective presentation of WebID-only certificates
Henry Story
henry.story at bblfish.net
Tue Sep 7 22:04:10 CEST 2010
Manu Sporny logged this issue here:
http://github.com/msporny/webid-spec/issues#issue/3
Bruno Harbulot brought this up in April 2009
http://lists.foaf-project.org/pipermail/foaf-protocols/2009-April/000450.html
It came up again a few times such as in this thread
http://foaf.markmail.org/thread/b2nfaspp3uqb5usz
The issues I think is
1. to check what the browser behavior really is
2. to make sure the semantics of doing this is ok (I think it is)
3. what would the name of this Cert Authority be
Currently I have used the DN of
"O=FOAF+SSL, OU=The Community of Self Signers, CN=Not a Certification Authority";
but we would need to agree on this.
I was thinking we should wait until we have a very formal process to decide on this, because we want as many people to be happy with it as possible - or else we would be in danger of not asking people with valid certificates for certificates, just because they decided to choose another DN.
So the issue is also in part to understand how bad the issue of multiple certs is. The advantage is that we could tie the DN to major spec version numbers, ....
Anyway this is a complex issue. It seems there is a solution to it, so it's just a matter of working out the details.
Henry
Social Web Architect
http://bblfish.net/
More information about the foaf-protocols
mailing list