- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Tue, 11 Jun 2013 21:28:35 +0200
- To: Henry Story <henry.story@bblfish.net>
- Cc: public-webid <public-webid@w3.org>, public-rww <public-rww@w3.org>
- Message-ID: <CAKaEYh+oXg3UO-4RU_gkBOORi7KfO349-LBabJWW8RUejQm3jg@mail.gmail.com>
On 11 June 2013 20:20, Henry Story <henry.story@bblfish.net> wrote: > Melvin, you forget that you could also use .onion or .garlic urls if you > really don't want to rely on DNS. > > As for the rest I think it is interesting. But it seems like a lot of > work, which will require > working on a logic of trust, and much more. Perhaps a Phd thesis? > You really think it's that much work? OK, then how about this: we each take the keys of people in our friends list, and cache the reverse lookup for them ... ? > > > On 11 Jun 2013, at 18:30, Melvin Carvalho <melvincarvalho@gmail.com> > wrote: > > The WebID + TLS flow has one single point of failure, and that is that you > have to trust the profile page. If the profile page is somehow > compromised, or the victim of a MITM attack your whole authentication > process could be compromised. > > Now some people say you can add trust by adding an SSL certificate, or in > the future, perhaps DNSSEC. However, this can be unsatisfactory, because > A) it's costly, B) you are just shifting the single point of failure > around. Other projects have pushed back against using WebID for this > reason. > > A more effective technique might be to distribute trust across the whole > web. > > When the TLS handshake takes part, the sever can be mathematically sure, > that the public key it receives is authentic. > > The *standard* flow is to add a forward follow-your-nose lookup from the > certificate to your profile page. But what if we, as a community, were to > distribute the trust across many many servers, using the read write web. > > Instead of a FORWARD (follow your nose) lookup, you can do a REVERSE > lookup on the public key, using the di: (digest) URI scheme. A neat > feature of the di: spec is that it also has a /.well-known/di directory > where you can put digests and and get back a document. > > It may be fairly simple to set up a single directory that allows users to > go in and update their info on your server. You may even charge a small > fee for it. > > In this way a server does not have to rely on a single point of failure as > the relationship between a key and a user will be distributed in many > places. In this way you can perform extra checks as required to verify the > authenticity of a login, as needed... > > > > Social Web Architect > http://bblfish.net/ > >
Received on Tuesday, 11 June 2013 19:29:03 UTC