[foaf-protocols] cert:fingerprint ?
home_pw at msn.com
Fri Oct 28 19:48:18 CEST 2011
is is md5, sha1, or what? rememebr, the cert fingerint is NOT a signed (or delivered) field. It is a "computed" label. it is security enforcing in the world of windows websso, note. Some trust inclusion lists define inclusion of certs on a white list by reference to their fingerprint label. One MUST (for assurnace reasons) have a well defined computation process, lest someone (somewhat incredibly) happen upon an Sha1 fingerprint with thet same value as the MD5 fingerprint being calculated by the verifier. There are safeguards, in that higher assurnace operations require that the cert is also in a given cert store, whose entry is guarded by means OTHER than fingerprints. But, as usual, such additional countermeasures are usually not applied by 80% of the populace.Date: Thu, 27 Oct 2011 06:57:58 -0400
From: kidehen at openlinksw.com
To: tai at g5n.co.uk
CC: public-xg-webid at w3.org; henry.story at bblfish.net; foaf-protocols at lists.foaf-project.org
Subject: Re: [foaf-protocols] cert:fingerprint ?
On 10/27/11 5:04 AM, Toby Inkster wrote:
> On Tue, 25 Oct 2011 12:33:07 -0400
> Kingsley Idehen<kidehen at openlinksw.com> wrote:
>> Since we have cert:key, what about cert:fingerprint?
> Currently I'm just using rdfs:label for this purpose.
> <#me> cert:key [
> rdfs:label "...." ;
> cert:modulus "...." ;
> ] .
Very neat non disruptive hack :-)
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
foaf-protocols mailing list
foaf-protocols at lists.foaf-project.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the foaf-protocols