On Thu, Mar 10, 2011 at 12:11:01AM +0100, Melvin Carvalho wrote:
> > WebID uses SSL certificates, but does not require _centralized_ certificate
> > authorities. Actually, due to requiring an unusual additional hint, some
> > centralized CA authorities including CAcert.org cannot currently provide
> > WebID compatible certificates.
> Traditionally we've always 'self signed' our WebID certificates.  So
> there's no CA that needs to be in the loop.  In fact, I don't know of
> any instance WebID has *ever* been used with a CA, but I suppose it is
> possible too. :)

Okay, so if I control the hostname me.fb2fb in a hypothetical decentralized
naming scheme, I generate a WebID at http://me.fb2fb/webid#me or something,
and you can validate that the person who controls http://me.fb2fb/webid#me
is the same person that claims to control me.fb2fb, correct?

Now if I lose control over me.fb2fb, and someone else generates a new
WebID at that URL, has that person now acquired my identity and credentials?
If so, does WebID have any features that would mitigate this?

