[foaf-protocols] Why SAN?

Henry Story henry.story at bblfish.net
Fri Sep 17 18:26:27 CEST 2010


On 17 Sep 2010, at 16:41, Nathan wrote:

>> 
>> The verifying agent needs a pointer as to where to look for your WebID.
>> SAN seems the logical choice.
> 
> Indeed, SAN, or more accurately "in the certificate" is the logical 
> choice (personally would still prefer a dedicated x509 extension rather 
> than reusing SAN but that's a different issue) - however does it make a 
> difference, all that's needed is that the verifying agent knows the 
> WebID & public key and has done the TLS thing to prove 
> (owner/holder)-ship of said public key.

If you can put it in an encrypted channel header I suppose it could work.

But placing it in the X.509 key has the advantage that you don't need to
change the browser behavior. And that will be the most widely used client.
There is the added advantage of placing it in the X.509 key that that key is 
signed so giving possibly a further layer of trust, if we then use the Issuer
Alternative Name.

Perhaps you can let us know what your problem is, and we can help you fix 
it?

Henry


Social Web Architect
http://bblfish.net/
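
The following is an added example, not part of the original message or of any WebID implementation: a standard-library sketch of how a verifying agent could read the URI entries out of a DER-encoded subjectAltName extension value to find the WebID pointer discussed above. The sample bytes, the `example.org` WebID and the helper names are constructed for illustration.

```python
URI_TAG = 0x86  # GeneralName [6] IMPLICIT IA5String: uniformResourceIdentifier


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:end], end


def san_uris(san_der):
    """List the URI GeneralNames in a subjectAltName extension value."""
    tag, body, end = read_tlv(san_der, 0)
    if tag != 0x30 or end != len(san_der):
        raise ValueError("expected a single SEQUENCE of GeneralName")
    uris, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag == URI_TAG:
            uris.append(value.decode("ascii"))  # IA5String is ASCII
    return uris


def encode_name(tag, text):
    """Build one short GeneralName (used only for the constructed sample)."""
    data = text.encode("ascii")
    assert len(data) < 128  # short-form length only
    return bytes([tag, len(data)]) + data


# Constructed sample: a dNSName [2] entry and a URI [6] entry with a made-up WebID.
_names = encode_name(0x82, "example.org") + encode_name(
    URI_TAG, "https://example.org/people/alice#me")
SAMPLE_SAN = bytes([0x30, len(_names)]) + _names

if __name__ == "__main__":
    print(san_uris(SAMPLE_SAN))
```

The parser only locates the pointer; the certificate's public key still has to be matched against what the WebID document publishes, after the TLS handshake has proven possession of the key.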


