Re: First draft of Browser Payments 1.0 spec published

On 05/11/2013 02:40 PM, Kingsley Idehen wrote:
>> Ultimately, if you are going to have identity on the web, you have
>> to trust the server running the software. :)
>> 
> No, the problem remains accepting that references (URIs) as native
> types on the Web means relations (sentences, statements,
> propositions, claims) implies we have logic as the conceptual schema.
> You don't have to trust any software at all, you just have to make a
> judgement about inferences drawn from the logic in the relations.
> 
> It doesn't matter how many machines touch a resolvable URI that
> denotes an Agent. What's important is the ability to make sense of
> the description graph that's unveiled.

My point was that if you publish your identity and public keys on a
server, and that server is compromised such that they can add any public
key to your identity, they can then digitally sign anything on your behalf.

If you are running software to do something, you have to trust that the
software is going to do what you tell it to.

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Meritora - Web payments commercial launch
http://blog.meritora.com/launch/

Received on Monday, 13 May 2013 02:43:46 UTC