- From: Henry Story <henry.story@bblfish.net>
- Date: Mon, 5 Mar 2012 14:25:27 +0100
- To: elf Pavlik <perpetual-tripper@wwelves.org>
- Cc: public-webid <public-webid@w3.org>

On 4 Mar 2012, at 18:04, elf Pavlik wrote:

> Hello,
>
> After pointing my friend to WebID, he has shared this comment (original linked later):
>
> "After reading the WebID specification once again, I'm not so sure anymore, whether I would want to use it.
>
> As described in section 2.2, the public key is published via the WebID Profile, which is basically a FOAF profile. While section 3.4.2 does note that "An HTTPS WebID will therefore be a lot more trustworthy than an HTTP WebID by a factor of the likelihood of man in the middle attacks", however the whole system is only as trustworthy as the hierarchical CA system currently in place.
>
> How can a web-of-trust be useful, if all the trust is based on a trust system that has been shown to be untrustworthy for more than a decade?"
>
> https://heahdk.net/~nil/news/0005-webid-revisited

Security is like knowledge: it is a modal notion which, like knowledge, comes in degrees. There is no such thing as absolute security, and no such thing as absolute certainty. This does not mean that there is no such thing as knowledge. Read Robert Nozick's section on knowledge in his Philosophical Explanations for a good modal analysis [1].

So we are pragmatic and working with the current CA system, which has its limitations but allows us to get off the ground. The TLS system can be improved in a number of ways, as work by the IETF DANE group [2] is showing, or other projects we mentioned on this list (pointers?) where people are setting up services to verify self-signed certificates.

One can then go even further and develop naming systems that don't rely on DNS, but they fall into Zooko's triangle, and are no longer readable.

So we are here interested in getting the basic piece working. Improvements can then come in many different ways.

Henry

[1] https://blogs.oracle.com/bblfish/entry/the_fifth_dimension
[2] http://tools.ietf.org/wg/dane/

>
> Any references to previous discussion on this issue?
> Thanks!
> ~ elf Pavlik ~
>

Social Web Architect
http://bblfish.net/

Received on Monday, 5 March 2012 13:26:02 UTC