RE: Think Piece: Key Free Trust in the Semantic Web from Graham Klyne on 2002-04-03 (www-rdf-interest@w3.org from April 2002)

From: Graham Klyne <GK@ninebynine.org>
Date: Wed, 03 Apr 2002 20:18:10 +0100
To: "Jeremy Carroll" <jjc@hplb.hpl.hp.com>
Cc: <reagle@w3.org>, <www-rdf-interest@w3.org>
Message-Id: <5.1.0.14.2.20020403200853.03d3eda0@joy.songbird.com>

Hi Jeremy,

I, too, found Joseph's paper interesting.  Taking your point about keys:  I 
find that cryptosystems (possibly including PKI) are a useful way of 
_transferring_ or _conveying_ trust (under certain assumptions), but are 
singularly unhelpful for _establishing_ trust.

On the matter of _what_ is signed, I have for some time felt that signing 
an RDF graph is a fairly meaningless, or at least not very helpful, 
concept.  Signing an particular representation (serialization) of a graph 
seems to me to be enough to convey some notion of trust in the statements 
of the graph thus represented.  In real-world signatures, it isn't the 
words in a contract that we sign, but (typically) a particular paper-based 
rendering -- I would apply the same principles to bit-based 
renderings.  (For me, basing security on C14N is rather suspect, because 
C14N seems to be such a difficult target to pin down -- the fact that it 
may be possible for digital representations doesn't necessarily make it a 
good approach.)

#g
--

At 02:35 PM 4/3/02 +0100, Jeremy Carroll wrote:

>Hi Joseph,
>
>I had a quick look through your paper and found some of it convincing, and
>other bits less so.
>
>Briefly:
>   Preponderance Based Trust
>      compelling - and the crucial contribution of the paper IMO.
>
>   Key Free Trust in the Semantic Web
>     I think this is mistitled.
>     Aren't you really talking about the absense of a Public Key
>Infrastructure ...
>     AFAICS you still have lots of keys all over the place, it's just that
>the traditional PKIs are replaced by a preponderance mechanism.
>
>   Revocation
>      one of the least convincing parts of the paper
>       "However, there are possible solutions" hmmm
>
>
>
>Another issue is to do with quite what is being signed or digested.
>Your work on XML C14N has permitted digital signatures and digests of XML
>documents.
>
>You talk about digesting RDF statements, but really we are interested in
>digesting sets of RDF statements, i.e. graphs. If these graphs have blank
>(anonymous) nodes then we have difficulties.
>
>For an RDF graph currently has no canonical serialization. When considering
>blank nodes, the RDF graph canonicalisation problem appears to be Graph
>Isomorphism complete and is hence much harder than the XML canonicalization
>problem.
>
>(See my
>http://www.hpl.hp.com/techreports/2001/HPL-2001-293.html
>for discussion about relationship between the graph isomorphism problem and
>RDF graphs.
>See my
>http://www.hpl.hp.com/techreports/2001/HPL-2001-294.html
>for discussion about serializing an RDF graph).
>
>Hope this helps a promising line of enquiry.
>
>Jeremy

-------------------
Graham Klyne
<GK@NineByNine.org>

Received on Wednesday, 3 April 2002 14:20:43 UTC