Re: WebID-ISSUE-45 (pgp-comparison): Compare WebId with PGP/GnuPG Web of Trust [research] from Reto Bachmann-Gmuer on 2011-02-21 (public-xg-webid@w3.org from February 2011)

From: Reto Bachmann-Gmuer <reto.bachmann@trialox.org>
Date: Mon, 21 Feb 2011 16:44:18 +0100
To: Henry Story <henry.story@bblfish.net>
Cc: WebID Incubator Group WG <public-xg-webid@w3.org>
Message-ID: <AANLkTinoZUDX1=-ZBuGxMOwFNo4Hzy5gW3onO6cuWuf-@mail.gmail.com>

On Mon, Feb 21, 2011 at 10:03 AM, Henry Story <henry.story@bblfish.net>wrote:

>
> On 21 Feb 2011, at 09:58, WebID Incubator Group Issue Tracker wrote:
>
> >
> > WebID-ISSUE-45 (pgp-comparison): Compare WebId with PGP/GnuPG Web of
> Trust [research]
> >
> > http://www.w3.org/2005/Incubator/webid/track/issues/45
> >
> > Raised by: Reto Bachmann-Gmür
> > On product: research
> >
> > Compare what can be done and how easy it is using PGP-WOT vs. WebId
> technologies.
> >
> > WebId offers easier weak security mechanism (replacement of email
> authentication), can WebId also provide high degree of security with
> transitive trust features?
>
> Can you then describe why the security mechanism is weak?
>
I'm not saying that WebId security is weak, but that it offers the
possibility of doing some weak checks, this is the case when the WebId
Profile retrieved over an insecure connection is the sole way of verifying
the identity-key association.



> Can you define transitive trust better?
>

Alice trusts Bob, Bob Trusts Charlie => Ale trusts Charlie (somehow)

Reto


>
> Henry
>
> >
> >
> >
>
> Social Web Architect
> http://bblfish.net/
>
>
>

Received on Monday, 21 February 2011 15:44:52 UTC