- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Tue, 11 Jun 2013 21:47:53 +0200
- To: Henry Story <henry.story@bblfish.net>
- Cc: public-webid <public-webid@w3.org>, public-rww <public-rww@w3.org>
- Message-ID: <CAKaEYh+Zw97R8hv=R6dhkd=AZ-Zui6QQtOk7rgvinCc+R2p76A@mail.gmail.com>
On 11 June 2013 21:39, Henry Story <henry.story@bblfish.net> wrote: > > On 11 Jun 2013, at 21:28, Melvin Carvalho <melvincarvalho@gmail.com> > wrote: > > > > > On 11 June 2013 20:20, Henry Story <henry.story@bblfish.net> wrote: > >> Melvin, you forget that you could also use .onion or .garlic urls if you >> really don't want to rely on DNS. >> >> As for the rest I think it is interesting. But it seems like a lot of >> work, which will require >> working on a logic of trust, and much more. Perhaps a Phd thesis? >> > > You really think it's that much work? OK, then how about this: we each > take the keys of people in our friends list, and cache the reverse lookup > for them ... ? > > > And how do you stop a man in the middle changing all those pieces of info > as you fetch them? > What is the algorith you use for trusting those people? How do you tell > them to update their > system if your keys change? What do I do in case of clash? Etc.... etc.... > > I don't think that quick answers to this point on a mailing list are going > to be satisfactory. > You need someone full time on these issues, and careful work with crypto > specialists. > I think, as with much of security, there's no perfect answer to these questions. Tho for each scenario you can devise a strategy. But the principle here is that the mirrored claims make things incrementally better. What's wrong with incrementalism? > > > >> >> >> On 11 Jun 2013, at 18:30, Melvin Carvalho <melvincarvalho@gmail.com> >> wrote: >> >> The WebID + TLS flow has one single point of failure, and that is that >> you have to trust the profile page. If the profile page is somehow >> compromised, or the victim of a MITM attack your whole authentication >> process could be compromised. >> >> Now some people say you can add trust by adding an SSL certificate, or in >> the future, perhaps DNSSEC. However, this can be unsatisfactory, because >> A) it's costly, B) you are just shifting the single point of failure >> around. Other projects have pushed back against using WebID for this >> reason. >> >> A more effective technique might be to distribute trust across the whole >> web. >> >> When the TLS handshake takes part, the sever can be mathematically sure, >> that the public key it receives is authentic. >> >> The *standard* flow is to add a forward follow-your-nose lookup from the >> certificate to your profile page. But what if we, as a community, were to >> distribute the trust across many many servers, using the read write web. >> >> Instead of a FORWARD (follow your nose) lookup, you can do a REVERSE >> lookup on the public key, using the di: (digest) URI scheme. A neat >> feature of the di: spec is that it also has a /.well-known/di directory >> where you can put digests and and get back a document. >> >> It may be fairly simple to set up a single directory that allows users to >> go in and update their info on your server. You may even charge a small >> fee for it. >> >> In this way a server does not have to rely on a single point of failure >> as the relationship between a key and a user will be distributed in many >> places. In this way you can perform extra checks as required to verify the >> authenticity of a login, as needed... >> >> >> >> Social Web Architect >> http://bblfish.net/ >> >> > > Social Web Architect > http://bblfish.net/ > >
Received on Tuesday, 11 June 2013 19:48:21 UTC