[foaf-protocols] WebID for signing RDF graphs

Jeremy Carroll jeremy at topquadrant.com
Thu Sep 23 18:05:01 CEST 2010

On 9/23/2010 8:37 AM, Reto Bachmann-Gmür wrote:
>     2. Simply drop any "problematic triples" - i.e. those that cannot be
>     canonicalised. This is a slight security hole, in that it allows for
>     certain triples to be inserted into the graph without breaking the
>     signature, but an attacker is very limited in scope as to what sort of
>     triples those are. I do have a solution that improves this somewhat,
>     but still doesn't make things perfect - I've not implemented it yet
>     though.

Yes - that works. This means that an attacker can change them (as long 
as they remain problematic! quite a challenge, but we need to keep those 
black hats busy !? ). I think the solution in my paper is generally 
better, i.e. add additional triples as part of the signing process. 
Since these are under your control rather than the attacker's, you can 
choose what you add, and my paper sketches a convention of adding 
triples of a certain format that are explicitly meaningless. (The new 
owl:topProperty or whatever it is called may provide that too - 
basically if the property already links all values to all values it is 
formally meaningless as well as conventionally).
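
[Added example, not part of the original message and not the algorithm from the paper it mentions.] The sketch below contrasts the two approaches discussed in the thread on a constructed graph: dropping triples whose blank nodes cannot be labelled deterministically, versus having the signer add explicitly meaningless marker triples so every triple is covered. Assumptions: a simplified one-pass labelling rule, an HMAC standing in for the real signature, a hypothetical `ex:meaninglessMarker` property, and a strict verifier that rejects graphs with unlabelled blank nodes.

```python
import hashlib, hmac
from collections import Counter, defaultdict

KEY = b"constructed-demo-key"   # stand-in for the signer's key (assumption)
MARK = "ex:meaninglessMarker"   # hypothetical property with no meaning

def is_blank(term):
    return term.startswith("_:")

def blank_signatures(graph):
    """Describe each blank node by the triples it occurs in, names erased."""
    sigs = defaultdict(list)
    for t in graph:
        for b in {x for x in t if is_blank(x)}:
            sigs[b].append(tuple("_:self" if x == b else "_:other" if is_blank(x) else x for x in t))
    return {b: repr(sorted(s)) for b, s in sigs.items()}

def canonical_digest(graph, drop_problematic):
    """SHA-256 over sorted, relabelled triples; None in strict mode on failure."""
    sigs = blank_signatures(graph)
    counts = Counter(sigs.values())
    label = {b: "_:" + hashlib.sha256(s.encode()).hexdigest()[:12]
             for b, s in sigs.items() if counts[s] == 1}
    lines = []
    for t in graph:
        if any(is_blank(x) and x not in label for x in t):
            if drop_problematic:
                continue        # option 2: this triple is left unsigned
            return None         # strict: refuse a graph we cannot canonicalise
        lines.append(" ".join(label.get(x, x) for x in t))
    return hashlib.sha256("\n".join(sorted(lines)).encode()).hexdigest()

def sign(graph, drop_problematic):
    d = canonical_digest(graph, drop_problematic)
    return None if d is None else hmac.new(KEY, d.encode(), "sha256").hexdigest()

def verify(graph, sig, drop_problematic):
    expected = sign(graph, drop_problematic)
    return expected is not None and hmac.compare_digest(expected, sig)

# Constructed sample graph: two blank nodes that look identical.
GRAPH = [("ex:alice", "foaf:name", '"Alice"'),
         ("ex:alice", "foaf:knows", "_:a"), ("ex:alice", "foaf:knows", "_:b")]
EXTRA = ("ex:alice", "foaf:knows", "_:c")   # triple added after signing
MARKED = GRAPH + [("_:a", MARK, '"1"'), ("_:b", MARK, '"2"')]

def demo():
    dropped_ok = verify(GRAPH + [EXTRA], sign(GRAPH, True), True)
    marked_ok = verify(MARKED + [EXTRA], sign(MARKED, False), False)
    return dropped_ok, marked_ok
```

With the drop rule the modified graph still verifies, because the added triple is as unlabelable as the ones already excluded; with signer-chosen marker triples every triple is inside the digest and the same modification is detected.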

