
[Freedombox-discuss] Friendika



>WebID uses SSL, but as far as I understand it doesn't rely on any CA. The
>certificates can be self-signed and they will work the same. It uses the
>private key installed in your PC (which might not be very convenient) and
>checks if it belongs to the public key (which you have copied sometime before)
>returned by the FOAF file. If they match, your friend's server can be sure that
>you are who you claim to be
>( http://www.w3.org/wiki/Foaf%2Bssl ). In this scheme it doesn't matter which
>the CA is.

Let's be clear: self-signed certificates provide no protection against
MITM attack.  In other words, no assurance to your friends that you
"are who you claim to be" (unless you gave them your key fingerprint
on a slip of paper or something).  That assurance is the service that
we supposedly get from certificate authorities.


Boaz


