Re: Think Piece: Key Free Trust in the Semantic Web from Joseph Reagle on 2002-04-04 (www-rdf-interest@w3.org from April 2002)

From: Joseph Reagle <reagle@w3.org>
Date: Thu, 4 Apr 2002 12:11:16 -0500
To: "Jeremy Carroll" <jjc@hplb.hpl.hp.com>, <www-rdf-interest@w3.org>
Cc: Dave Reynolds <der@hplb.hpl.hp.com>
Message-Id: <200204041711.MAA22930@tux.w3.org>

On Wednesday 03 April 2002 08:35, Jeremy Carroll wrote:
> I had a quick look through your paper and found some of it convincing,
> and other bits less so.

I agree with your characterization of the contributions.

>   Key Free Trust in the Semantic Web
>     I think this is mistitled.
>     Aren't you really talking about the absence of a Public Key
> Infrastructure ...
>     AFAICS you still have lots of keys all over the place, it's just that
> the traditional PKIs are replaced by a preponderance mechanism.

You and Dave have identified the split of my "two minds." I started 
thinking about the problem by thinking, "forget crypto all together, just 
use fingerprints everywhere". But, then, there's really not much of a need 
to forget about crypto all-together (while conceivable) because signatures 
themselves are pretty straight forward, it is the *I* in PKI that is 
troublesome. This split is represented in my two consequents:

"The major consequent is that complex public key infrastructure may not be 
necessary... The minor consequent is the cryptographic signatures 
themselves might not be necessary to make a reasonable trust evaluation 
about a statement that has had time to grow into the tangled root structure 
of the Web."

So with this feedback  I'd think I should focus more on the major 
consequent. (Maybe change the title to "Finding Bacon's Key".) But then 
again, I don't want to loose the crucial theme of the "Preponderance Based 
Trust". Regardless, I know the title sucks (as does the word 
"preponderance") so this is something I need to ... ponder some more. 
<grin/>

>   Revocation
>      one of the least convincing parts of the paper
>       "However, there are possible solutions" hmmm

Yes, hand wavy. I'm confident this could be well addressed but I didn't 
want to get into the various revocation schemes...

> You talk about digesting RDF statements, but really we are interested in
> digesting sets of RDF statements, i.e. graphs. If these graphs have blank
> (anonymous) nodes then we have difficulties.

Yes, digesting a rdf statement and being able to identify a specific 
"reified" statement are the two issues I need to get straight in my head 
before I feel I can make substantive progress.

> For an RDF graph currently has no canonical serialization. When
> considering blank nodes, the RDF graph canonicalization problem appears
> to be Graph Isomorphism complete and is hence much harder than the XML
> canonicalization problem.

Ok, I'll read up on your documents!

-- 

Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Thursday, 4 April 2002 12:12:19 UTC