[cap-talk] foaf+ssl
David-Sarah Hopwood
david-sarah at jacaranda.org
Fri Oct 23 17:48:30 PDT 2009
Karp, Alan H wrote:
> http://esw.w3.org/topic/foaf+ssl
>
> Any comments on this work? It's too authentication-based for my taste.

It appears to be depending completely on the https: domain name check.
See <http://blogs.sun.com/bblfish/entry/more_on_authorization_in_foaf>,
in particular the fourth and subsequent comments:
<http://blogs.sun.com/bblfish/entry/more_on_authorization_in_foaf#comment-1232497668000>.
It therefore inherits all of the security problems due to the reliance of
SSL/TLS-as-implemented-in-browsers on a big bag of root CAs, and is also
vulnerable to any other attack on the web servers with which principals are
associated. In other words, the portrayal of its certification model as
being like a web of trust (or as not requiring key signing) is quite
misleading, AFAICS.

Based on the last comment on the page referenced above, the designers appear
to be presenting FOAF+SSL partly as a workaround for the fact that X.509
certificates are insufficiently flexible (and that they have CA-revenue-
protecting restrictions on which principals can act as certifiers).

X.509 does indeed have these problems, but X.509+https has other well-known
problems that are not fixed just by adding support for RDF-based assertions
about principals.
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com