[foaf-protocols] This message should be signed

Bruno Harbulot Bruno.Harbulot at manchester.ac.uk
Sat Jun 20 18:43:44 CEST 2009


Toby Inkster wrote:
> On Sat, 2009-06-20 at 09:14 +0100, Toby Inkster wrote:
>> This message is a test. It should be signed with my FOAF+SSL-enabled
>> X.509 key.
> Hmmm... but wasn't.
> Some SSL error message came up in Evolution when sending it, but it
> didn't give me the chance to stop it sending.
> Oh well, the principle still seems sound. FOAF+SSL could provide us with
> a unified trust model for web and e-mail, which is a potential killer
> feature over competing technologies (but not an ov:KillerGorilla).

In Thunderbird 2:
1. Import your own certificate in PEM format in 'Authorities'.
2. Import your own certificate+key (from PKCS#12 file) in 'Your 
certificates' (if you had done this before, back it up, delete it and 
re-import it after step 1).
3. In your account settings: 'Security' -> 'Digital signing' -> 
'Select...' (pick the appropriate certificate).

When sending a message, expand the 'Security' button and choose 
'Digitally sign this message' if it's not the default you have selected.

Note that the receiver will still be confused since there's no embedded 
mechanism to verify that certificate.
It's possible in theory to do the verification in Thunderbird (or other 
e-mail clients), but this would require changes in its code (or perhaps 
a plugin). After verifying the certificate by dereferencing the FOAF 
file, one would need to check that its WebID can be associated with the 
e-mail address of the sender (this information can be provided by the 
FOAF document).

Best wishes,

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2190 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.foaf-project.org/pipermail/foaf-protocols/attachments/20090620/b3de3bfb/attachment.bin 

More information about the foaf-protocols mailing list