W3C home > Mailing lists > Public > www-rdf-interest@w3.org > April 2002

Re: Think Piece: Key Free Trust in the Semantic Web

From: Graham Klyne <GK@ninebynine.org>
Date: Sat, 06 Apr 2002 07:29:29 +0100
Message-Id: <5.1.0.14.2.20020406072423.0442d8c0@joy.songbird.com>
To: Aaron Swartz <me@aaronsw.com>
Cc: "Joseph M. Reagle Jr." <reagle@w3.org>, RDF-Interest <www-rdf-interest@w3.org>
At 09:51 PM 4/4/02 -0600, Aaron Swartz wrote:
>MITM can occur in the static document scenario, if you imagine the Man
>sitting at your ISP, slyly rewriting all the crypto that comes thru. (I
>admit, this is a very paranoid scenario.) The attack here would be to feed
>you (seemingly signed) documents that the real person never signed.

What I think is interesting about Joseph's proposal is that however 
paranoid you may be, it's difficult to believe that an attacker has 
compromised every information source in the Internet, or even a significant 
majority of them.  If you believe that, then I think you might as well give 
up on any form of security.

I think the most pernicious attack is one in which one's "usual" processing 
platform is compromised:  whatever security may exist to the outside world, 
information presented to the operator cannot be checked.  I think trust in 
one's local platform is pretty much a prerequisite for any security.

#g


-------------------
Graham Klyne
<GK@NineByNine.org>
Received on Saturday, 6 April 2002 04:15:47 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:51:53 GMT