- From: Story Henry <henry.story@bblfish.net>
- Date: Thu, 27 Mar 2008 23:09:00 +0100
- To: Kjetil Kjernsmo <kjetil@kjernsmo.net>
- Cc: foaf-dev Friend of a <foaf-dev@lists.foaf-project.org>, Semantic Web <semantic-web@w3.org>
- Message-Id: <1FCFA94D-92CF-4435-A21E-FA229C82B83A@bblfish.net>
Just got back from the pub here (11pm), so...

On 27 Mar 2008, at 22:26, Kjetil Kjernsmo wrote:

> On Thursday 27 March 2008, Story Henry wrote:
>> 7. Juliette uses the answer in 6 to GET the PGP key.
>>    (what to do if someone has more than one PGP key?)
>>
>> 8. Romeo's server returns the PGP key
>
> I think the critical issue to be considered in any system that uses PGP
> is "how do you establish the trust network?" For all I know, you're not
> Henry at all, you're Mallory, but you just created a key with Henry's
> name and email on. Baaaaad Mallory! (and oh, my client screamed that
> this message had an invalid signature at me).

I think this problem does not come up in this use case. When in stage 9 Juliette's foaf server has decrypted the encrypted string it knows that the User Agent sending the request has access to <http://romeo.name/#romeo>'s private key.

Now how the server comes to trust "http://romeo.name/#romeo" is a different problem. It could be that Romeo gave Juliette a business card with that URL on it. It could be that Juliette has a policy such as DIG's of trusting friends of friends, see:

http://dig.csail.mit.edu/breadcrumbs/node/206

So she takes the foaf files of a few of her best friends and decides to trust all of the people who have a relationship to depth 3 with those people as specified by her foaf file.

How you establish your trust network is up to you. PGP is just very helpful in this case because it helps link the owner of the User Agent to a foaf file. This is what OpenID does, but it requires a lot of redirects, and a server to process the information. PGP removes that bottleneck. And also once it becomes widespread, it can become very useful in a huge number of other applications.

> There are of course various ways to establish those trusted links, but I
> think that when you use something as powerful as PGP, you might want to
> be careful. There is little point in PGP if your way of establishing
> trust is weak, then the trust network will be the point of attack
> anyway. As a minimum policy, I only sign keys of people I meet face to
> face and that they have a photo ID that looks reasonably official.
>
> PGP is great, and I'm always open to signing and to organise key signing
> parties, but I think that requiring PGP is hindering adoption to the
> extent where it is not very useful. I think that rather than requiring
> PGP, you could create a system where a trust metric is influenced by how
> the trust is established, and then a PGP-hardened social network would
> be trusted more than a random foaf:knows triple found somewhere on the
> net...
>
> So, for example, in Phil's child-abuse case, information could only be
> shared in encrypted form between trusted parties.
>
> Cheers,
>
> Kjetil
> --
> Kjetil Kjernsmo
> Programmer / Astrophysicist / Ski-orienteer / Orienteer / Mountaineer
> kjetil@kjernsmo.net
> Homepage: http://www.kjetil.kjernsmo.net/ OpenPGP KeyID: 6A6A0BBC
Attachments
- application/pkcs7-signature attachment: smime.p7s
Received on Thursday, 27 March 2008 22:10:22 UTC
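The message separates two checks: proof that the requester holds the private key for a WebID, and a policy for whether that WebID is trusted at all, such as friends of friends to depth 3. The sketch below is an added example, not part of the original message or of any FOAF project code; the graph data, the `.example` URLs, the function names and the `key_proof_ok` flag (standing in for the outcome of the decryption step) are assumptions made for illustration.

```python
from collections import deque

# Constructed sample data: (subject, object) pairs standing in for foaf:knows
# statements read from each subject's own FOAF file. Every URL is made up
# except http://romeo.name/#romeo, the WebID used in the message.
KNOWS = [
    ("http://nurse.example/#me", "http://peter.example/#me"),
    ("http://laurence.example/#me", "http://balthasar.example/#me"),
    ("http://balthasar.example/#me", "http://romeo.name/#romeo"),
    ("http://romeo.name/#romeo", "http://mercutio.example/#me"),
    ("http://mercutio.example/#me", "http://benvolio.example/#me"),
    # Self-asserted claim in Mallory's own file; it must not earn her trust.
    ("http://mallory.example/#me", "http://laurence.example/#me"),
]
BEST_FRIENDS = ["http://nurse.example/#me", "http://laurence.example/#me"]


def trusted_webids(knows, seeds, max_depth=3):
    """Map each WebID reachable within max_depth foaf:knows hops of a seed to its depth."""
    graph = {}
    for subj, obj in knows:
        # Follow edges only outward from the person making the statement.
        graph.setdefault(subj, set()).add(obj)
    depth = {seed: 0 for seed in seeds}
    queue = deque(seeds)
    while queue:
        node = queue.popleft()
        if depth[node] == max_depth:
            continue  # do not expand past the policy's depth limit
        for friend in graph.get(node, ()):
            if friend not in depth:
                depth[friend] = depth[node] + 1
                queue.append(friend)
    return depth


def authorize(webid, key_proof_ok, trusted):
    """Allow only a WebID that proved key possession AND is inside the trust set."""
    return bool(key_proof_ok) and webid in trusted


if __name__ == "__main__":
    trusted = trusted_webids(KNOWS, BEST_FRIENDS)
    for who in ("http://romeo.name/#romeo", "http://mallory.example/#me"):
        print(who, authorize(who, True, trusted))
```

Mallory can prove possession of her own key and can claim to know anyone, yet she stays outside the set because only statements made by already-trusted people extend it.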