[foaf-protocols] cert:fingerprint ?

Kingsley Idehen kidehen at openlinksw.com
Fri Oct 28 21:55:06 CEST 2011


On 10/28/11 1:48 PM, Peter Williams wrote:
>
> is it md5, sha1, or what?

You choose. Default is sha1.

>
> remember, the cert fingerprint is NOT a signed (or delivered) field. It 
> is a "computed" label. it is security enforcing in the world of 
> windows websso, note. Some trust inclusion lists define inclusion of 
> certs on a white list by reference to their fingerprint label. One 
> MUST (for assurance reasons) have a well defined computation process, 
> lest someone (somewhat incredibly) happen upon an Sha1 fingerprint 
> with the same value as the MD5 fingerprint being calculated by the 
> verifier.

Yes.
>
> There are safeguards, in that higher assurance operations require that 
> the cert is also in a given cert store, whose entry is guarded by 
> means OTHER than fingerprints.

Yes.

> But, as usual, such additional countermeasures are usually not applied 
> by 80% of the populace.

I am writing a G+ note about this approach. The initial example uses 
Twitter as the data space where the fingerprint is placed. You can also 
use blog platforms that support AtomPub, e.g. WordPress.

Kingsley
> Date: Thu, 27 Oct 2011 06:57:58 -0400
> From: kidehen at openlinksw.com
> To: tai at g5n.co.uk
> CC: public-xg-webid at w3.org; henry.story at bblfish.net; 
> foaf-protocols at lists.foaf-project.org
> Subject: Re: [foaf-protocols] cert:fingerprint ?
>
> On 10/27/11 5:04 AM, Toby Inkster wrote:
> >  On Tue, 25 Oct 2011 12:33:07 -0400
> >  Kingsley Idehen<kidehen at openlinksw.com>   wrote:
> >
> >>  Since we have cert:key, what about cert:fingerprint?
> >  Currently I'm just using rdfs:label for this purpose.
> >
> >  <#me>   cert:key [
> >  	rdfs:label "...." ;
> >  	cert:modulus "...." ;
> >  	...
> >  	] .
> >
>
> Cool!
>
> Very neat non-disruptive hack :-)
>
>
> -- 
>
> Regards,
>
> Kingsley Idehen
> President & CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca handle: kidehen
> Google+ Profile: https://plus.google.com/112399767740508618350/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen


-- 

Regards,

Kingsley Idehen
President & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
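
Added example, not part of the original message or of any project discussed in this thread: one way to make the fingerprint computation well defined, as the quoted text asks, is to store every allowlist entry with an explicit digest tag and to reject untagged labels. The `alg:hex` label format, the function names, the permitted-digest policy and the sample bytes are all assumptions made for illustration.

```python
import hashlib
import hmac

# Hypothetical policy: digests the verifier accepts, with their length in bytes.
ALLOWED_ALGS = {"sha1": 20, "sha256": 32}

def fingerprint(der: bytes, alg: str) -> str:
    """Return 'alg:hex' computed over the full DER encoding of the certificate."""
    if alg not in ALLOWED_ALGS:
        raise ValueError(f"digest {alg!r} not permitted by policy")
    return f"{alg}:{hashlib.new(alg, der).hexdigest()}"

def parse_label(label: str) -> tuple[str, bytes]:
    """Parse 'alg:hex' (colons or spaces inside the hex are tolerated)."""
    alg, sep, hexpart = label.strip().partition(":")
    alg = alg.lower()
    if not sep or alg not in ALLOWED_ALGS:
        # Covers untagged labels such as 'AB:CD:...' and tags outside the policy.
        raise ValueError("label must start with a permitted algorithm tag")
    raw = bytes.fromhex(hexpart.replace(":", "").replace(" ", ""))
    if len(raw) != ALLOWED_ALGS[alg]:
        raise ValueError("digest length does not match the algorithm tag")
    return alg, raw

def is_allowlisted(der: bytes, allowlist: list[str]) -> bool:
    """True only if a well-formed, tagged entry matches under its own digest."""
    for label in allowlist:
        try:
            alg, expected = parse_label(label)
        except ValueError:
            continue  # malformed or untagged entries never match
        actual = hashlib.new(alg, der).digest()
        if hmac.compare_digest(actual, expected):
            return True
    return False

# Constructed sample bytes standing in for a DER-encoded certificate.
SAMPLE_DER = b"\x30\x82\x01\x0a constructed-sample-certificate-bytes"

if __name__ == "__main__":
    tagged = fingerprint(SAMPLE_DER, "sha1")
    print(tagged, is_allowlisted(SAMPLE_DER, [tagged]))
    # The same hex without its tag is ambiguous, so it is refused.
    print(is_allowlisted(SAMPLE_DER, [tagged.split(":", 1)[1]]))
```
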




