- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Tue, 19 Aug 2014 13:27:58 +0200
- To: public-webid <public-webid@w3.org>, public-rww <public-rww@w3.org>
- Message-ID: <CAKaEYh+ysK=UTuGdcy8qYzn1TK_Zkj3rzcQ30qA1AkH9ufPbFg@mail.gmail.com>
1. Introduction

E-mail encryption software based on open standards such as S/MIME and OpenPGP has been widely available for the last 20 years, and yet encryption is rarely used today. Users find email encryption difficult to use, especially dealing with key management. Currently PGP public keys are distributed from public directories called key servers where keys can be published permanently by anybody. When new keys are uploaded to key servers there is no attempt to verify that the email address or other name information in the uploaded key is valid, or even that another key under the same email address doesn't already exist. If somebody publishes a false key under your name or email address there is nothing you can do to remove the malicious key, since the system provides no way to delete published key information and no way to know who should have permission to remove false information.

The way that these problems are supposed to be resolved is with an authentication model called the Web of Trust, where users sign keys of other users after verifying that they are who they say they are. In theory, if some due diligence is applied in signing other people's keys and a sufficient number of people participate, you'll be able to follow a short chain of signatures from people you already know and trust to new untrusted keys you download from a key server. In practice this has never worked out very well, as it burdens users with the task of manually finding people to sign their keys, and even experts find the Web of Trust model difficult to reason about. This also reveals the social graph of certain communities, which may place users at risk for their associations. Such signatures also reveal metadata about times, and thus places, for meetings for key signings.

The Nyms Identity Directory is a replacement for all of this. Keyservers are replaced with an identity directory that gives users full control over publication of their key information, and the Web of Trust is replaced with a distributed network of trusted notaries which validate user keys with an email verification protocol. The system has been designed from the ground up to support the creation of messaging applications such as email clients which fully automate secure exchange of encrypted messages and only require users to make trust decisions in exceptional circumstances.

This document provides an overview of the Nyms Identity Directory and describes various components of the system. The Nyms system notarizes user public keys with cryptographic signatures and also distributes these signed keys from a network of directory servers. There are separate infrastructure components for each of these two functions, which are described in the sections below on Certification and Directory infrastructure.

http://nyms.io/
Received on Tuesday, 19 August 2014 11:28:27 UTC
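The two properties the quoted overview contrasts with keyservers (a notary signs a key only after an email challenge has been answered, and only the key holder can publish or remove a directory entry) can be modelled in a few dozen lines. The Go program below is an added illustration and is not Nyms' own code or wire protocol: the message encodings (`certBytes`, `publishMsg`, `removeMsg`), the use of Ed25519, the single-use hex challenge token and the in-memory `Directory` are all assumptions made for the example. It also omits a nonce on the publish/remove authorizations, which a real service would need to stop replay of a captured signature.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Certificate is a notary's signed statement that Key belongs to Email.
type Certificate struct {
	Email     string
	Key       ed25519.PublicKey
	NotarySig []byte
}

// certBytes is what the notary signs. The email is length-prefixed so the
// encoding is unambiguous (assumed format for this example, not Nyms').
func certBytes(email string, key ed25519.PublicKey) []byte {
	return append([]byte(fmt.Sprintf("cert\x00%d\x00%s\x00", len(email), email)), key...)
}

// Messages the key holder signs to authorize directory changes (assumed format).
func publishMsg(c Certificate) []byte { return append([]byte("publish\x00"), certBytes(c.Email, c.Key)...) }
func removeMsg(email string) []byte   { return []byte("remove\x00" + email) }

// Notary certifies a binding only after the email challenge has been answered.
type Notary struct {
	priv    ed25519.PrivateKey
	Pub     ed25519.PublicKey
	pending map[string]Certificate // challenge token -> requested binding
}

func NewNotary() *Notary {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Notary{priv: priv, Pub: pub, pending: map[string]Certificate{}}
}

// Begin records the requested binding and returns the random token a real
// notary would mail to the address; only someone reading that mailbox sees it.
func (n *Notary) Begin(email string, key ed25519.PublicKey) string {
	tok := make([]byte, 16)
	if _, err := rand.Read(tok); err != nil {
		panic(err)
	}
	token := hex.EncodeToString(tok)
	n.pending[token] = Certificate{Email: email, Key: key}
	return token
}

// Complete takes the token plus a signature over it by the requested key, so
// the caller proves both mailbox access and possession of the private key.
func (n *Notary) Complete(token string, proof []byte) (Certificate, error) {
	c, ok := n.pending[token]
	if !ok {
		return Certificate{}, errors.New("unknown or already used token")
	}
	if !ed25519.Verify(c.Key, []byte(token), proof) {
		return Certificate{}, errors.New("requester does not hold the private key")
	}
	delete(n.pending, token) // single use
	c.NotarySig = ed25519.Sign(n.priv, certBytes(c.Email, c.Key))
	return c, nil
}

// Directory accepts only notarized bindings and lets only the key holder
// publish or remove an entry, unlike a keyserver that accepts anything.
type Directory struct {
	notary  ed25519.PublicKey
	entries map[string]Certificate
}

func NewDirectory(notaryPub ed25519.PublicKey) *Directory {
	return &Directory{notary: notaryPub, entries: map[string]Certificate{}}
}

// Publish requires a valid notary signature and proof of ownership of the key.
func (d *Directory) Publish(c Certificate, ownerSig []byte) error {
	if !ed25519.Verify(d.notary, certBytes(c.Email, c.Key), c.NotarySig) {
		return errors.New("certificate not signed by trusted notary")
	}
	if !ed25519.Verify(c.Key, publishMsg(c), ownerSig) {
		return errors.New("submitter does not hold the key")
	}
	d.entries[c.Email] = c
	return nil
}

// Remove is authorized only by the key currently published under the address.
func (d *Directory) Remove(email string, ownerSig []byte) error {
	c, ok := d.entries[email]
	if !ok {
		return errors.New("no such entry")
	}
	if !ed25519.Verify(c.Key, removeMsg(email), ownerSig) {
		return errors.New("only the key holder may remove the entry")
	}
	delete(d.entries, email)
	return nil
}

func (d *Directory) Lookup(email string) (Certificate, bool) {
	c, ok := d.entries[email]
	return c, ok
}

func main() {
	notary, dir := NewNotary(), (*Directory)(nil)
	dir = NewDirectory(notary.Pub)
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader)
	token := notary.Begin("alice@example.com", alicePub) // "delivered" to the mailbox
	cert, err := notary.Complete(token, ed25519.Sign(alicePriv, []byte(token)))
	if err != nil {
		panic(err)
	}
	fmt.Println("owner publish:", dir.Publish(cert, ed25519.Sign(alicePriv, publishMsg(cert))))
	malPub, malPriv, _ := ed25519.GenerateKey(rand.Reader)
	fake := Certificate{Email: "alice@example.com", Key: malPub, NotarySig: make([]byte, 64)}
	fmt.Println("impostor publish:", dir.Publish(fake, ed25519.Sign(malPriv, publishMsg(fake))))
	fmt.Println("impostor remove:", dir.Remove("alice@example.com", ed25519.Sign(malPriv, removeMsg("alice@example.com"))))
	fmt.Println("owner remove:", dir.Remove("alice@example.com", ed25519.Sign(alicePriv, removeMsg("alice@example.com"))))
}
```

Running it shows the owner's publish and remove succeeding while the impostor's attempts fail: the directory rejects the unnotarized key outright, and a removal signed by a key other than the one on file is refused, which is exactly the control the overview says keyservers lack.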