
Re: WebID-ISSUE-45 (pgp-comparison): Compare WebId with PGP/GnuPG Web of Trust [research]

From: Reto Bachmann-Gmuer <reto.bachmann@trialox.org>
Date: Wed, 23 Feb 2011 13:33:25 +0100
Message-ID: <AANLkTin8Sj52YQnuJpGh1AyMNGhRVVsNvjwTD7BG3JXc@mail.gmail.com>
To: Henry Story <henry.story@bblfish.net>
Cc: WebID Incubator Group WG <public-xg-webid@w3.org>
On Wed, Feb 23, 2011 at 12:28 PM, Henry Story <henry.story@bblfish.net> wrote:

> we should address this chicken and egg problem.
>
>
> I am not sure if the chicken and egg problem has found a solution yet.
> There are claims going both ways :-) And we can continue enjoying eggs in
> the meantime.
>

The PGP-Wot approach is key-signing parties. I think the approach of WebId
should be growing trust with increasing interaction over increasingly secure
channels, without requiring a document to be shown (which is the usual form of
identity proof at key-signing parties), as what matters is not your passport
or your DNA but your social identity within the networks in the physical
world and on the web.


> There seems to be a misunderstanding: As often no more security than the one
> offered by email authentication is needed it is a feature of WebId to offer
> something at this level. WebId works also with insecure profile documents
> which roughly offers the same security as email verification (email can be
> more and maybe even less secure but that's not the point).
>
>
> yes, WebID over unprotected connection is not secure. We leave it there to
> get things going. But when seriously discussing WebID we should be assuming
> TLS on both sides.
>
I disagree. We should discuss different levels of security and how higher
security can evolve. As the fact that email-verification is so widespread
shows, this low degree of security is often regarded as safe enough for
the purpose at hand.


> Here I'm referring to the transitive trust features PGP WOT bases on (not
> to anything relating to emails). The discussion on signing (parts of)
> profile documents could allow transitive trust features. In the example in
> http://www.w3.org/wiki/File:X509CertsAndSocialGraph.jpg you may trust jane
> because you know Bruno and Bruno knows Jane but this doesn't give you a
> reason to believe that XYZ is in fact the public key of Jane.
>
> The trust relation the image describes may be important for assigning
> rights to Jane, the trust path I'm talking about (and which is implemented
> pretty well in PGP) is necessary for authentication.
>
>
> If he links to Jane referentially, and you get those keys that way, then
> why would you not have *a* reason to believe that is her key?
>
The fact that Bruno points to https://jane.name/#j is irrelevant for the
association between <https://jane.name/#j> and XYZ. To trust this
association I have to trust the holder and the signer of the server
certificate for jane.name.


> You may worry that she puts it on an untrusted host? Well then what of a
> PGP owner who puts his private key on a virus infected computer? Again there
> is no absolute. One has to look for coherence.
>
Right, the incoherence is showing the lack of security of CA-based
traditional PKI and offering an improvement for client certs while relying
solely on the traditional PKI for the trust into the WebId-Key association.


> The danger of trying to go for military grade security, is that it ends up
> costing a fortune, and is rarely used - like military grade secure
> computers. So if we can build something that enables that without requiring
> that, then one can get adoption and build use cases of increasing security
> needs.
>

We are talking about building technologies that support various degrees of
security. Supporting the same level of security as PGP doesn't seem an
exaggerated requirement to me. As you correctly describe, there is no
absolute security, but there is a level of which we can realistically
believe that it can assure private and secure communication even under
conditions that would otherwise be a serious threat to freedom of
communication.

With WebId the degree of trust that the communication partner is who they
claim to be should be solely a function of the trust (both in their
honesty and technical security) into the referring parties under the condition
that:
- you are in full control of the signals you receive and that you emit
- you are able to keep some secret key safe
- you're able to correctly apply encryption algorithms
- the applied encryption algorithms are safe

I think we shouldn't try to cover situations where the attacker can
invisibly walk through walls and play around with what's in our minds.

Reto
Received on Wednesday, 23 February 2011 12:33:59 UTC
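
Added example, not part of the message above or of any WebID specification: a small Python model of the argument in this thread, listing which parties the association between a WebID and a key rests on when the key comes from a dereferenced profile versus when a referrer signs for it. The names `Referral`, `ProfileFetch`, `support_paths` and the CA label `ExampleCA` are hypothetical; the WebID, key and referrer names are the ones used in the thread.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

@dataclass(frozen=True)
class Referral:
    referrer: str                     # party making the statement
    webid: str                        # WebID URI it points to
    signed_key: Optional[str] = None  # key the referrer signs for, if any

@dataclass(frozen=True)
class ProfileFetch:
    webid: str
    key: str                          # public key listed in the fetched profile
    cert_issuer: Optional[str]        # CA of the TLS server cert; None for plain HTTP

def support_paths(webid, key, referrals, fetch=None):
    """Return the independent support paths for 'key belongs to webid'.

    Each path is the set of parties that must all be trusted for it to hold.
    """
    paths = []
    if fetch and fetch.webid == webid and fetch.key == key:
        url = urlsplit(webid)
        if url.scheme == "https" and fetch.cert_issuer:
            # Binding rests on whoever holds the host and on the CA that signed for it.
            paths.append({f"host-holder:{url.hostname}", f"ca:{fetch.cert_issuer}"})
        else:
            # Unprotected profile document: anyone on the network path can swap the key.
            paths.append({"network-path"})
    for r in referrals:
        # A bare link names the WebID but says nothing about its key.
        if r.webid == webid and r.signed_key == key:
            paths.append({f"referrer:{r.referrer}"})
    return paths

# Constructed sample data using the names from the thread.
JANE = "https://jane.name/#j"
tls_fetch = ProfileFetch(JANE, "XYZ", cert_issuer="ExampleCA")
link_only = [Referral("Bruno", JANE)]
signed = [Referral("Bruno", JANE, signed_key="XYZ")]

if __name__ == "__main__":
    print(support_paths(JANE, "XYZ", link_only, tls_fetch))
    print(support_paths(JANE, "XYZ", signed, tls_fetch))
```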
