Re: Why did the PGP Web of Trust fail?

>
> This WWWoT does not exist. But it would be extremely helpful in allowing
> all the other things to emerge. ... [Current WoT] binary format is
> limited in extensibility. But that's fine. They can move to the Verifiable
> Claims WG and get it all.


Actually, that's what Validbook is trying to achieve with Endorsement Graphs
and Validbook Statements. It comes as a surprise realization to myself,
that in essence Validbook is building (is based on) the next generation WoT
based on Verifiable Credentials standard.
This next generation WoT is simpler, more human friendly and more
informative than the original one. Simpler because it is based on
an undirected graph. Human friendlier because it uses human readable
just-like-real-paper-documents Validbook Statements [1] and nice
visualization of Endorsement Graphs [2]. More informative, because,
Validbook Statements may include any information.

If adopted (and this adoption is realistic because of Kudos) Validbook
Endorsement Graph and Validbook Statements will be able to give answer to
"simple factual things" as stated by you:

> if the web site claiming to be of a watch maker in Switzerland is
> actually owned by a shop in Switzerland, and perhaps who owns it, etc...
> Or if a bank in China is a bank that our country accepts as a bank, and
> will involve diplomatic processes if we have a problem. Or if the Signed
> Claim using the future Verifiable Claims Json-LD  standard which is
> signed by an organization in Peru, is actually the right kind of
> organization to hand out such documents, and if our country and police
> will accept that document.


--Bohdan

[1] - http://futurama1x.validbook.org/statements
[2] - http://futurama1x.validbook.org/identity/jimbo.fry
More on Validbook:
https://lists.w3.org/Archives/Public/public-credentials/2018May/0024.html



On Thu, Jun 21, 2018 at 9:44 PM, Henry Story <henry.story@bblfish.net>
wrote:

>
>
> On 21 Jun 2018, at 12:36, Bohdan Andriyiv <bohdan.andriyiv@validbook.org>
> wrote:
>
> PGP WoT failed (in a sense of getting E2EE of emails to the masses),
> because it is too hard to use. People want to do stuff and go places.
> Convenience trumps everything. Cost/Benefit equation for PGP is very
> unbalanced. For a lot of people PGP cost is not just not worth the
> benefit, but plainly insurmountable (learn about keys, certificates, key
> signing - come on!).
>
>
> User Interfaces can be improved or worked on. That of course requires
> working with artists, and
> from my experience the problem there is that there are not many meetings
> where both cryptographers
> and artists get together.
>
> But protocols and formats also limit what designers can do. So from my
> quick analysis of
> RFC4880 there are only 256 attributes allowed, they are identified by
> numbers, and therefore
> require centralised coordination to come to an agreement on.  And if an
> attribute number were to
> be agreed, then you'd still be left with having to agree on the syntax of
> the content of that attribute.
>
> RDF solves both those problems and has a binary format proposal too and
> allows decentralised
> extensibility without requiring english to be the main language: the words
> in RDF are URIs.
> http://www.rdfhdt.org/hdt-binary-format/
>
>
> Bringing institutions into WoT, will not make it successful in a sense of
> getting E2EE of emails to the masses. After all, the goal of WoT to bring
> E2EE to the masses has been achieved via commercial interests - ProtonMail,
> all mainstream IM apps (WhatsApp, Viber, Telegram).
>
>
> The Web of Trust I am claiming is missing from the current web is not a
>  cryptographic WoT.
> It is one based on hyper-data. So we could call it Hyper-Trust or World
> Wide Web of Trust.
> This WWWoT is useful just to let us know simple factual things like if the
> web site claiming to be
> of a watch maker in Switzerland is actually owned by a shop in
> Switzerland, and perhaps who owns
> it, etc... Or if a bank in China is a bank that our country accepts as a
> bank, and will involve diplomatic
> processes if we have a problem. Or if the Signed Claim using the future
> Verifiable Claims Json-LD
> standard which is signed by an organization in Peru, is actually the right
> kind of organization to hand
> out such documents, and if our country and police will accept that
> document. (Think about Hertz employees
> needing to make a decision on this)
>
> This WWWoT does not exist. But it would be extremely helpful in allowing
> all the other things to emerge.
>
> Bringing institutions into WoT, will make it successful in a sense that it
> will allow people to cooperate (exchange money and ownership rights) with
> more reliability. To do this it should not make the main PGP WoT mistake -
> being too complex.
>
>
> Its binary format is limited in extensibility. But that's fine. They can
> move to the Verifiable Claims WG and
> get it all.
> https://www.w3.org/2017/vc/WG/
>
> But even if they had that they would still need a WWWoT for the reasons
> explained above and in the post. :-)
>
> That's why when designing Validbook's Endorsement Graph I decided to make
> it an undirected graph, only mutual relations counted (no ambiguity in who
> knows who); no levels of trust (you either trust identity's SURLHI claim or
> not). Validbook Statements are very simple, real-world-like digital
> documents. Here is an example of a contract -
> http://futurama1x.validbook.org/statements/templates/Wedding%20Photography%201-13.
> You will be able to attach to it your digital passport issued by government
> and sign it together. In this way counterparty can be sure about your
> legal/government identity (be able to go to a judge in a proper jurisdiction
> and bring you to responsibility if needed). Most importantly, it is all
> (Validbook Statements, building your Validbook Identity's SURLHI Endorsement
> Graph) very human friendly. That's why Validbook slogan is - "Do important
> stuff with confidence".
>
> --Bohdan
>
>
> On Thu, Jun 21, 2018 at 12:09 PM, Henry Story <henry.story@bblfish.net>
> wrote:
>
>> Thanks a lot! That is what I was looking for to help me write the
>> article.
>>
>> I am reading the first with great interest. When done (if my main thesis
>> still holds) I'll
>> try to integrate the concepts into a revised clearer version of the
>> article. :-)
>>
>> On 21 Jun 2018, at 00:56, Christopher Allen <
>> ChristopherA@lifewithalacrity.com> wrote:
>>
>> I encourage you to read what the creators of PGP wrote for the first
>> #RebootingWebOfTrust
>>
>> https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/topics-and-advance-readings/PGP-Paradigm.pdf
>>
>> Lots of other useful documents in the various #RebootingWebOfTrust repos,
>> both community created docs in /final and individual submissions at
>> /topics-and-advance-readings
>>
>> https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/topics-and-advance-readings/modern-pki-identity-assertions.md
>>
>> https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/topics-and-advance-readings/FirstEncountersWithPGP.md
>>
>> https://github.com/WebOfTrustInfo/ID2020DesignWorkshop/blob/master/topics-and-advance-readings/PeerAttestationofIdentity.pdf
>>
>> — Christopher Allen [via iPhone]
>>
>>
>>
>
>

Received on Friday, 22 June 2018 10:02:35 UTC