Re: Think Piece: Key Free Trust in the Semantic Web

From: Aaron Swartz <me@aaronsw.com>
Date: Thu, 04 Apr 2002 19:45:27 -0600
To: "Joseph M. Reagle Jr." <reagle@w3.org>, RDF-Interest <www-rdf-interest@w3.org>
Message-ID: <B8D25DD7.2F962%me@aaronsw.com>

Warning: the following email assumes basic knowledge of public-key
cryptography and the Man-In-The-Middle attack.

After skipping thru lots of introductory material that most of your readers
(at least the ones who care) are probably familiar with, I found myself
rather confused with the article.

PKI and Web-of-Trust networks are designed to foil Man-In-The-Middle (MITM)
attacks, not whose-key-is-this? problems. It seems that your paper is aimed
at simply solving the problem of finding someone's real key in a world of
confused, but not actively malicious peers, like someone at the ISP
replacing all fingerprints and public keys with ones they've created.

Is this right, or did I misunderstand your paper?

One interesting solution to the Web-Of-Trust key-signing problem that I've
heard (from Zooko[1]) is to simply sign each other's keys now, before the
enemy gets their AI MITM software working which automatically intercepts and
converts traffic to their own system of fake keys...which assumes that they
haven't gotten it working yet ;-)

[1] http://www.zooko.com/

All the best,
-- 
      "Aaron Swartz"      |               Swhack Weblog
 <mailto:me@aaronsw.com>  |   <http://blogspace.com/swhack/weblog/>
<http://www.aaronsw.com/> |      something different every day
Received on Thursday, 4 April 2002 20:45:33 GMT