[foaf-protocols] WebID for signing RDF graphs
jeremy at topquadrant.com
Thu Sep 23 18:05:01 CEST 2010
On 9/23/2010 8:37 AM, Reto Bachmann-Gmür wrote:
> 2. Simply drop any "problematic triples" - i.e. those that cannot be
> canonicalised. This is a slight security hole, in that it allows for
> certain triples to be inserted into the graph without breaking the
> signature, but an attacker is very limited in scope as to what sort of
> triples those are. I do have a solution that improves this somewhat,
> but still doesn't make things perfect - I've not immplemented it yet
Yes - that works. This means that an attacker can change them (as long
as they remain problematic! quite a challenge, but we need to keep those
black hats busy !? ). I think the solution in my paper is generally
better, i.e. add additional triples as part of the signing process.
Since these are under your control rather than the attackers, you can
choose what you add, and my papers sketches a convention of adding
triples of a certain format that are explicitly meaningless. (The new
owl:topProperty or whatever it is called may provide that too -
basically if the property already links all values to all values it is
formally meaningless as well as conventionallY).
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the foaf-protocols