[Freedombox-discuss] Friendika

Melvin Carvalho melvincarvalho at gmail.com
Wed Jul 13 18:23:17 UTC 2011


On 13 July 2011 19:54, Boaz <alt.boaz at gmail.com> wrote:
>>WebID uses SSL, but as far as I understand it doesn't rely on any CA. The
>>certificates can be self-signed and they will work the same. It uses the
>>private key installed in your PC (which might not be very convenient) and
>>checks if it belongs to the public key (which you have copied sometime before)
>>returned by the FOAF file. If they match, your friend's server can be sure that
>>you are who you claim to be
>>( http://www.w3.org/wiki/Foaf%2Bssl ). In this scheme it doesn't matter which
>>CA it is.
>
> Let's be clear: self-signed certificates provide no protection against
> MITM attack.  In other words, no assurance to your friends that you
> "are who you claim to be" (unless you gave them your key fingerprint
> on a slip of paper or something).  That assurance is the service that
> we supposedly get from certificate authorities.

You don't need to give your key on a slip of paper (you can if you want,
of course); it's on your home page.

Hopefully your freedom box also hosts a web server too, preferably with https.

>
>
> Boaz
>
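
The check discussed in this message, as an added example that is not part of the original post or of any WebID implementation: the server compares the RSA key from the client certificate with the keys listed in the profile at the WebID URI, and reports separately whether that profile arrived over https. The `fetch` callable, the sample profile and the result labels are assumptions; the regex stands in for a real RDF parser, and an https fetch is assumed to have validated the profile server's certificate.

```python
import re
from urllib.parse import urlsplit

# Constructed sample profile (Turtle, W3C cert ontology terms); not a real key.
SAMPLE_PROFILE = '''
@prefix cert: <http://www.w3.org/ns/auth/cert#> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
<#me> cert:key [ a cert:RSAPublicKey ;
    cert:modulus "00c1a55eed"^^xsd:hexBinary ;
    cert:exponent 65537 ] .
'''

KEY_RE = re.compile(
    r'cert:modulus\s+"([0-9A-Fa-f]+)"\^\^xsd:hexBinary\s*;\s*cert:exponent\s+(\d+)')

def profile_keys(turtle):
    """Return the set of (modulus, exponent) pairs published in the profile.
    Converting to int ignores leading zero bytes and hex letter case."""
    return {(int(m, 16), int(e)) for m, e in KEY_RE.findall(turtle)}

def verify_webid(webid_uri, cert_modulus, cert_exponent, fetch):
    """Decide what a key match proves for this WebID.

    The TLS handshake is assumed to have already shown that the client
    holds the private key for (cert_modulus, cert_exponent).
    fetch(url) is a hypothetical callable returning the profile text.
    """
    scheme = urlsplit(webid_uri).scheme
    if scheme not in ("http", "https"):
        return ("rejected", "unsupported WebID scheme")
    profile_url = webid_uri.split("#", 1)[0]      # drop the fragment (#me)
    keys = profile_keys(fetch(profile_url))
    if (cert_modulus, cert_exponent) not in keys:
        return ("rejected", "certificate key not listed in profile")
    if scheme != "https":
        # The key matches, but the profile itself was not authenticated,
        # so anyone on the path could have served a profile with their own key.
        return ("key-match-only", "profile fetched over plain http")
    return ("authenticated", "key matches profile fetched over https")

if __name__ == "__main__":
    fetch = lambda url: SAMPLE_PROFILE            # offline stand-in for an HTTP GET
    for uri in ("https://alice.example/card#me", "http://alice.example/card#me"):
        print(uri, verify_webid(uri, 0xC1A55EED, 65537, fetch))
```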
