[Freedombox-discuss] FOAF developers taking FreedomBox into their equation

Henry Story henry.story at bblfish.net
Wed Mar 9 20:09:25 UTC 2011 

Hi all,
 
  I just added myself to this list yesterday.

  FreedomBox is a great idea and I like the acronym its going to make :-)

  I am not sure yet if FB is hardware or software or both and one can choose.
I am working on http://clerezza.org/ an Apache project and would love to see if it can run on the same hardware... (sorry it's not GNU)

  I am also currently chairing the WebID incubator group at the W3C, so if you have WebID questions don't hesitate to ping me, or join the W3C mailing list and ping there.
    http://www.w3.org/2005/Incubator/webid/charter

  

On 9 Mar 2011, at 18:22, Jonas Smedegaard wrote:

> Hi,
> 
> The FOAF and RDF developers - including clever persons like sir Tim Berners-Lee - seem to now take FreedomBox into the equation, judging from this recent mail at their list:
> 
> http://lists.foaf-project.org/pipermail/foaf-protocols/2011-March/004759.html
> 
> for those ok with using a nifty - albeit centralized and thus potentially evil - interface, here is same message via the interface that the FOAF project itself favor over their own archival:
> 
> http://foaf.markmail.org/message/d3erqbq2v77vdyli?q=+list:org%2Efoaf-project%2Elists%2Efoaf-protocols&page=1

Not sure I knew of the rivalry you are speaking of. I was happy to link there because it did a better job of html mail which some people like Peter Williams kept sending. But it does not do a good job on pictures. Few archives tools seem to get that right oddly enough.

> 
> I am not clever in crypto stuff so would appreciate if someone else would consider helping them out by perhaps joining that list and follow up on that thread.

That was part of a longer thread on the WebID mailing list on SSL proxies, if you want to understand the conversation.

http://lists.w3.org/Archives/Public/public-xg-webid/2011Mar/0030.html

my biased summary I think is: if your OS is not OpenSource, or you client is controlled by an operator, then of course it will be easy for them to place a certificate they control onto your client, and so be able to proxy your connections. 

But this will be true of any encryption protocol. If you allow this to happen then you will not be quite an individual but an element of that organisation. As an employee that can make sense, as a subscriber to a telephone service I'd be less happy.

As for CAs they can of course also distribute root signing certificates to various entities. Now with a freedom box it should be possible to work out when that is happening, as you can control the server certificate and the client.

something to explore.

Henry

Social Web Architect
http://bblfish.net/

More information about the Freedombox-discuss mailing list