[TLS] Fixing TLS Trust

Henry Story <henry.story@bblfish.net> Mon, 30 April 2012 16:47 UTC

From: Henry Story <henry.story@bblfish.net>
Date: Mon, 30 Apr 2012 18:46:57 +0200
Message-Id: <37860D94-8750-40F9-9388-07057B4E6ECD@bblfish.net>
To: "tls@ietf.org List" <tls@ietf.org>
Cc: public-webid <public-webid@w3.org>
Subject: [TLS] Fixing TLS Trust

TLS currently helps one know that when one opens a connection to a service (domain:port pair)
one is actually connected to the machine that officially owns that domain. It does not
give one the big picture of what kind of entity one is actually connected to,
i.e. it does not answer the following questions:

 - is this a legal entity?
 - which country is it based in (or which legal framework is it responsible to)?
 - who are the owners?
 - what kind of organisation is it? (individual, bank, commerce, school, university, charity...)

In a recent talk I gave at the European Identity conference in Biel, Switzerland, I looked
at how this extra information could be made available by using WebID and Linked Data, published
by official entities in ways that gave those documents legal weight. This would not be technically
very difficult to do, but would provide huge benefits to the web. It could increase trust
in the way people use the web, and it could enable commerce in a much broader way than hitherto
found on the web.

I put this presentation up on my blog with the title "WebID and Commerce":
http://bblfish.net/blog/2012/04/30/

WebID is just the art of tying TLS into the linked data world, which is the framework that
has been developed under the guidance of Tim Berners-Lee. So it brings two worlds together,
which is why I am cross posting here. It seems like an idea with a lot of potential.

	Henry

Social Web Architect
http://bblfish.net/
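As an added illustration of the distinction the post draws (example code written for this archive page, not the author's or any WebID project's code), the script below takes a server certificate in the dictionary layout that Python's `ssl.SSLSocket.getpeercert()` returns and separates the one thing a TLS client can conclude from it (that the peer controls the DNS name it connected to, checked with RFC 6125-style matching) from the entity information the post asks for. The three certificates are constructed samples, not real ones; the wildcard rule is deliberately stricter than RFC 6125 (`*` must be the entire leftmost label of a name with at least three labels), and the WebID sample assumes the WebID-TLS convention of carrying the profile URI in a subjectAltName URI entry.

```python
"""What a TLS certificate does and does not attest about the peer.

Added example, not code from the original post. Uses only the standard
library and constructed certificate dicts in the layout documented for
ssl.SSLSocket.getpeercert(): 'subject' is a tuple of RDNs, each a tuple of
(type, value) pairs; 'subjectAltName' is a tuple of (kind, value) pairs.
"""

# Constructed sample: a domain-validated (DV) web certificate with a wildcard
# SAN and no organisation fields, the common case for public web sites.
SAMPLE_DV_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("organizationName", "Example CA"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.com")),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}

# Constructed sample resembling an OV/EV certificate: the subject names an
# organisation and a country, which is as close as TLS itself gets to the
# "what entity is this" questions.
SAMPLE_OV_CERT = {
    "subject": (
        (("countryName", "CH"),),
        (("organizationName", "Example Bank AG"),),
        (("commonName", "bank.example.ch"),),
    ),
    "subjectAltName": (("DNS", "bank.example.ch"),),
}

# Constructed sample in the WebID style (assumption): the identity is a URI
# in the SAN, pointing at a Linked Data profile document, not a DNS name.
SAMPLE_WEBID_CERT = {
    "subject": ((("commonName", "Alice"),),),
    "subjectAltName": (("URI", "https://alice.example/profile#me"),),
}


def _name_match(pattern, hostname):
    """Case-insensitive DNS name match in the spirit of RFC 6125.

    Stricter than the RFC: '*' is only accepted as the entire leftmost label
    of a name with at least three labels, and it matches exactly one label.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    if any("*" in label for label in p_labels[1:]):
        return False  # wildcard only in the leftmost label
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def dns_names(cert):
    """DNS identifiers a verifier may use: SAN entries only. The commonName
    fallback is deliberately ignored, as modern clients do."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def matches_hostname(cert, hostname):
    """True if the certificate names the host the client connected to."""
    return any(_name_match(name, hostname) for name in dns_names(cert))


def subject_field(cert, field):
    """First value of an attribute type (e.g. 'organizationName') in the subject."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == field:
                return value
    return None


def describe_peer(cert, hostname):
    """Split what TLS lets the client conclude (control of the DNS name) from
    the little the certificate says about the entity behind that name."""
    org = subject_field(cert, "organizationName")
    return {
        "hostname_verified": matches_hostname(cert, hostname),
        "dns_names": dns_names(cert),
        "organization": org,
        "country": subject_field(cert, "countryName"),
        "webids": [v for k, v in cert.get("subjectAltName", ()) if k == "URI"],
        # A subject without an O field was domain-validated only: the CA
        # checked DNS control, nothing about the operator's legal identity.
        "validation": "domain-only" if org is None else "organisation-named",
    }


if __name__ == "__main__":
    for label, cert, host in (
        ("DV", SAMPLE_DV_CERT, "api.example.com"),
        ("OV", SAMPLE_OV_CERT, "bank.example.ch"),
        ("WebID", SAMPLE_WEBID_CERT, "alice.example"),
    ):
        print(label, describe_peer(cert, host))
```

Even the OV sample only yields an organisation name and a country code; ownership, legal form and the kind of organisation are not certificate fields at all, which is the gap the post proposes to fill with documents published outside TLS.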