Re: WebID-ISSUE-45 (pgp-comparison): Compare WebId with PGP/GnuPG Web of Trust [research] from Henry Story on 2011-02-23 (public-xg-webid@w3.org from February 2011)

From: Henry Story <henry.story@bblfish.net>
Date: Wed, 23 Feb 2011 12:28:10 +0100
To: Reto Bachmann-Gmuer <reto.bachmann@trialox.org>
Cc: WebID Incubator Group WG <public-xg-webid@w3.org>
Message-Id: <62067B06-D7C9-41D8-A7F4-F4C269EB48FD@bblfish.net>
On 23 Feb 2011, at 11:07, Reto Bachmann-Gmuer wrote:

> 
> 
> On Tue, Feb 22, 2011 at 9:44 PM, Henry Story <henry.story@bblfish.net> wrote:
> 
> On 21 Feb 2011, at 09:58, WebID Incubator Group Issue Tracker wrote:
> 
> >
> > WebID-ISSUE-45 (pgp-comparison): Compare WebId with PGP/GnuPG Web of Trust [research]
> >
> > http://www.w3.org/2005/Incubator/webid/track/issues/45
> >
> > Raised by: Reto Bachmann-Gmür
> > On product: research
> >
> > Compare what can be done and how easy it is using PGP-WOT vs. WebId technologies.
> 
> Does this FAQ answer the question?
> http://www.w3.org/wiki/Foaf%2Bssl/FAQ#How_does_this_improve_over_X.509_or_GPG_Certificates.3F
> No, I'm talking about an honest comparison,

Honest is good, intelligent is better, thorough would be great.

> the above doesn't talk about what the trust in the document retrieved dereferencing an URI bases on,

There are many different levels to this: 

  1 - trust in your brain
  2 - trust in the hardware you have
  3 - trust that your operating system is honest
  4 - trust in the software you have
  5 - trust that the network is working the way it should
  6 - trust that the DNS is giving you the right IP addresses
  7 - trust that in the CA system (at present, later hopefully something better)
  8 - trust in the HTTPS connection (small keys, big keys, good encryption, etc..)
  9 - trust in the certificate (contains 100 tinyurls as Peter suggested)
10 - trust in what the document says about the agent referred to by the WebID
11 - trust in what others say about their relation to the agent named by the WebID (how did they get to know what they say?)
12 - trust in your definition of trust (ie, philosophical analysis is needed)
13 - trust in your friends, social network, community, humanity (and their trust in you)
 
Many of these are interlinked and as many epistemologists have come to believe during the 20th century, there is no foundation on which one can built all of knowledge, ie there is no fundamental _base_  (to use your word), on which one can build all of knowledge. So the task is pretty daunting to start off with. It is less daunting if one takes small pieces and keeps things as simple as possible, and if one then looks for as big a coherence in one's beliefs as possible. 

So just to give you a fun example. At FOSDEM conference in Belgium a few weeks ago the OpenCA people were trying to verify the identity of people to give them certificates. An asian person comes along with an asian passport. They can't read it, they can just compare the photo of the man with his face. The guy seems nice, and there is pressure on the people working there. They ask him for a different identity card, also in asian. I would not have been surprised if they did not sign something in the end.

> we should address this chicken and egg problem.

I am not sure if the chicken and egg problem has found a solution yet. There are claims going both ways :-) And we can continue enjoying eggs in the meantime.

> Also the advantage to be able to revoke trust should be weighted against the advantage of functioning even if (large) parts of the network are down.

Frankly if your government tears down your network to stay in power, it's time to get hold of physical weapons. A citizens army
is the best answer to those problems. Then the problem remains of how you make sure your citizens remain sane.

But without going that far I suppose you are referring to the possibility of caching information. I think the question here is: does what WebID ask stop other solutions being built on top that can give you that protection?

> I'm convinced that with the technologies behind WebId we can do something that it is not only easier but also as secure as PGP-WOT, but this requires filling some gaps on the technological level.

> 
> >
> > WebId offers easier weak security mechanism (replacement of email authentication),
> 
> Here you are speaking of authentication. WebID  is stronger than e-mail authentication. E-mail hops over many intermediaries, usually without encryption and the message can be change on the way. In webid you have a secure connection

> There seems to be a misunderstanding: As often no more security than the one offered by email authentication is needed it is a feature of WebId to offer something at this level. WebId works also with insecure profile documents which roughly offers the same security as email verification (email can be more and maybe even less secure but that's not the point).

yes, WebID over unprotected connection is not secure. We leave it there to get things going. But when seriously discussing WebID we should be assuming TLS on both sides.


> 
> > can WebId also provide high degree of security with transitive trust features?
> 
> So the issue here is one of trust. e-mail does not provide any trust, other than for large players like facebook, that can correlate the e-mail to social networks, and so use that information to work out a trust graph. WebId will benefit from some of the same network effects, though less centralised ones.

> Here I'm referring to the transitive trust features PGP WOT bases on (not to anything relating to emails). The discussion on signing (parts of) profile documents could allow transitive trust features. In the example in http://www.w3.org/wiki/File:X509CertsAndSocialGraph.jpg you may trust jane because you know Bruno and Bruno knows Jane but this doesn't give you a reason to believe that XYZ is in fact the public key of Jane.

> The trust relation the image describes may be important for assigning rights to Jane, the trust path I'm talking about (and which is implemented pretty well in PGP) is necessary for authentication.

If he links to Jane referentially, and you get those keys that way, then why would you not have *a* reason to believe that is her key? 

You may worry that she puts it on an untrusted host? Well then what of a PGP owner who puts his private key on a virus infected computer? Again there is no absolute. One has to look for coherence.

But yes, you could increase trust by publishing the public key you know that person has, as you link to them, just as I tend to publish in my foaf file the name of the person linked to. That may or may not increase trust for some people when seeing the public key. It depends if they think your software keeps this up to date, if you have something against that person, and so on, if that profile document comes from the same organisation. But this is a good piece of further research to do on top of WebID I believe. In fact that is where hopefully we can start playing when we have a few Social Web servers running. But it will bring a lot of complex issues into play, such as what has to be done if people loose keys, and so on.

The danger of trying to go for military grade security, is that it ends up costing a fortune, and is rarely used - like military grade secure computers. So if we can build something that enables that without requiring that, then one can get adoption and build use cases of increasing security needs. 

Henry

> 
> Reto

Social Web Architect
http://bblfish.net/
Received on Wednesday, 23 February 2011 11:28:50 UTC