private ssl certificate lost/renewal on foaf.me domain


m1bxd

Oct 26, 2010, 7:04:10 PM10/26/10
to foaf.me
Hi,

As I understand it, when you create a profile on foaf.me, a one-year
SSL private certificate is generated and installed into your browser.

Question: What is the procedure for renewing/replacing this SSL at the
end of the year?

Cheers Mark

Melvin Carvalho

Oct 26, 2010, 7:51:20 PM10/26/10
to foa...@googlegroups.com

Thanks for the query, that's a good question.

1 year was originally selected as a test period. I think we should
switch to longer or permanent certs.

Right now you would have to replace the certificate by hand (delete
triple) then issue new certificate.

I'm currently rewriting some of the back end, but after that I'll add a
certificate workflow to the front end, so that it's less of a manual
process.


m1bxd

Oct 27, 2010, 4:48:59 PM10/27/10
to foaf.me
Hi Melvin,

thanks for the prompt reply

> Right now you would have to replace the certificate by hand (delete
> triple) then issue new certificate.

I deleted my browser certificate, but couldn't get another one because
my username was already taken.

Could you please just explain the "by hand" in "For Dummies"
lingo :-) ?

Is it possible to generate another key set, so the new one can be
issued, then the old pair deleted/retired/allowed to expire?

Cheers Mark

On Oct 27, 12:51 am, Melvin Carvalho <melvincarva...@gmail.com> wrote:

Melvin Carvalho

Nov 3, 2010, 6:45:18 PM11/3/10
to foa...@googlegroups.com
On 27 October 2010 22:48, m1bxd <beaca...@gmail.com> wrote:
> Hi Melvin,
>
> thanks for the prompt reply
>
>> Right now you would have to replace the certificate by hand (delete
>> triple) then issue new certificate.
>
> I deleted my browser certificate, but couldn't get another one because
> my username was already taken.

Apologies for not responding sooner, that's a good catch. We really
should issue certs for 5 years :)

>
> Could you please just explain the "by hand" in "For Dummies"
> lingo :-) ?

We need to delete the triple linking your WebID to the key, in this
case, as that is the current logic that protects your profile.

However, since we haven't yet added a revocation workflow, I would
actually need to do this, or reset your account to start again.
(sorry, we are only beta)

Would you like me to do this for you? I'll need your username ...

>
> Is it possible to generate another key set, so the new one can be
> issued, then the old pair deleted/retired/allowed to expire?

Multiple certs is on the way, not yet implemented, so I have to do it
by hand for now ...

m1bxd

Nov 4, 2010, 5:06:36 PM11/4/10
to foaf.me
Hi Melvin,

I'm fine for my cert at the moment - I backed it up!

But my interest was an academic one about the practicalities.

> Multiple certs is on the way, not yet implemented, so I have to do it
> by hand for now ...


> We need to delete the triple linking your WebID to the key, in this
> case, as that is the current logic that protects your profile.

So if the system can handle multiple certificates in the future, then
will deleting the triple linking your WebID to your key be redundant,
except in emergencies, as users will be able to update and delete
their own certificates?

If you get time to clarify the point above, that's cool.

Cheers Mark


On Nov 3, 10:45 pm, Melvin Carvalho <melvincarva...@gmail.com> wrote:

Melvin Carvalho

Nov 4, 2010, 5:12:33 PM11/4/10
to foa...@googlegroups.com
On 4 November 2010 22:06, m1bxd <beaca...@gmail.com> wrote:
> Hi Melvin,
>
> I'm fine for my cert at the moment - I backed it up!
>
> But my interest was an academic one about the practicalities.
>
>> Multiple certs is on the way, not yet implemented, so I have to do it
>> by hand for now ...

It's a great question, thanks for bringing it up. It has also got me
thinking about other ways to improve the UX.

>
>
>> We need to delete the triple linking your WebID to the key, in this
>> case, as that is the current logic that protects your profile.
>
> So if the system can handle multiple certificates in the future, then
> will deleting the triple linking your WebID to your key be redundant,
> except in emergencies, as users will be able to update and delete
> their own certificates?

Yes. The 'system', i.e. WebID, can handle multiple certificates right
now. It's just a weakness in the current implementation that does not
perform this workflow in a user-friendly way.

It should be an automatic process in future, where the user
periodically will renew a 'temporary' certificate, or maintain a set
of certificates.

The xwiki version by Henry Story and the payswarm version by Manu
Sporny do this already ... sorry we're lagging behind, at this second!

So yes, update, delete, renew should be normal functions.

We don't yet have revoke a la PGP, but that would not be a hard thing to propose.
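The key-binding logic the replies above describe (a profile triple links the WebID to a public key, a profile may list several keys, and revoking means deleting that triple), as an added example that is not foaf.me code; the profile is modelled as an in-memory set of triples, and the certificates, WebID and key values are constructed sample data rather than real X.509.

```python
from datetime import date

# Vocabulary from the W3C cert ontology used by WebID profiles.
CERT_KEY = "http://www.w3.org/ns/auth/cert#key"
CERT_MOD = "http://www.w3.org/ns/auth/cert#modulus"
CERT_EXP = "http://www.w3.org/ns/auth/cert#exponent"

def add_key(profile, webid, key_id, modulus, exponent):
    """Bind another public key to the WebID: a profile may list several."""
    profile |= {(webid, CERT_KEY, key_id),
                (key_id, CERT_MOD, modulus), (key_id, CERT_EXP, exponent)}

def revoke_key(profile, webid, key_id):
    """Delete the triple linking the WebID to the key (the manual revoke step)."""
    profile.discard((webid, CERT_KEY, key_id))
    profile -= {t for t in profile if t[0] == key_id}

def profile_keys(profile, webid):
    """(modulus, exponent) pairs currently bound to the WebID."""
    ids = {o for s, p, o in profile if s == webid and p == CERT_KEY}
    mods = {s: o for s, p, o in profile if p == CERT_MOD}
    exps = {s: o for s, p, o in profile if p == CERT_EXP}
    return {(mods[k], exps[k]) for k in ids if k in mods and k in exps}

def webid_login(profile, cert, today):
    """WebID-TLS check: the client cert is unexpired and its public key is
    one of the keys listed by the profile named in its SAN URI."""
    if today > cert["not_after"]:
        return False
    return (cert["modulus"], cert["exponent"]) in profile_keys(profile, cert["san_uri"])

def renewal_scenario():
    """Overlapping renewal: add the new key, then retire the old one.
    Every value below is constructed sample data (hypothetical WebID)."""
    webid = "https://example.org/mark#me"
    old = {"san_uri": webid, "modulus": "c0ffee01", "exponent": 65537,
           "not_after": date(2011, 10, 26)}
    new = {"san_uri": webid, "modulus": "deadbeef", "exponent": 65537,
           "not_after": date(2016, 10, 26)}
    profile = set()
    add_key(profile, webid, webid + "_key1", old["modulus"], old["exponent"])
    results = {"old_before_renewal": webid_login(profile, old, date(2011, 10, 1))}
    add_key(profile, webid, webid + "_key2", new["modulus"], new["exponent"])
    results["both_valid"] = (webid_login(profile, old, date(2011, 10, 1))
                             and webid_login(profile, new, date(2011, 10, 1)))
    revoke_key(profile, webid, webid + "_key1")
    results["old_after_revoke"] = webid_login(profile, old, date(2011, 10, 1))
    results["new_after_revoke"] = webid_login(profile, new, date(2011, 10, 1))
    results["new_after_expiry"] = webid_login(profile, new, date(2016, 11, 1))
    return results
```

Because the old key is removed only after the new one is bound, the user never hits the "username already taken" dead end from earlier in the thread.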

Owen

Nov 8, 2010, 7:32:17 AM11/8/10
to foaf.me
Hi,

This topic has interested me, and apologies for interfering. When you
refer to multiple certs, do you mean multiple certs for the same WebID
or multiple certs with each having a different WebID? If it is the
latter, does this not defeat the scope of having a unique ID that
refers to a user? Does the system allow users to create multiple
WebIDs, or is there a check in the system that identifies a user that
already has a WebID and "blocks" the user from creating another WebID?

Moreover, since the system allows a user to update the statements in a
FOAF file by using the RAW Data option, in order for the system to
handle multiple certs, a user just enters the different public keys in
the "cert" part of the FOAF file please?

Thanks and regards,
Owen

On Nov 4, 9:12 pm, Melvin Carvalho <melvincarva...@gmail.com> wrote: