- From: Joseph Reagle <reagle@w3.org>
- Date: Thu, 4 Apr 2002 12:11:16 -0500
- To: "Jeremy Carroll" <jjc@hplb.hpl.hp.com>, <www-rdf-interest@w3.org>
- Cc: Dave Reynolds <der@hplb.hpl.hp.com>
On Wednesday 03 April 2002 08:35, Jeremy Carroll wrote: > I had a quick look through your paper and found some of it convincing, > and other bits less so. I agree with your characterization of the contributions. > Key Free Trust in the Semantic Web > I think this is mistitled. > Aren't you really talking about the absence of a Public Key > Infrastructure ... > AFAICS you still have lots of keys all over the place, it's just that > the traditional PKIs are replaced by a preponderance mechanism. You and Dave have identified the split of my "two minds." I started thinking about the problem by thinking, "forget crypto all together, just use fingerprints everywhere". But, then, there's really not much of a need to forget about crypto all-together (while conceivable) because signatures themselves are pretty straight forward, it is the *I* in PKI that is troublesome. This split is represented in my two consequents: "The major consequent is that complex public key infrastructure may not be necessary... The minor consequent is the cryptographic signatures themselves might not be necessary to make a reasonable trust evaluation about a statement that has had time to grow into the tangled root structure of the Web." So with this feedback I'd think I should focus more on the major consequent. (Maybe change the title to "Finding Bacon's Key".) But then again, I don't want to loose the crucial theme of the "Preponderance Based Trust". Regardless, I know the title sucks (as does the word "preponderance") so this is something I need to ... ponder some more. <grin/> > Revocation > one of the least convincing parts of the paper > "However, there are possible solutions" hmmm Yes, hand wavy. I'm confident this could be well addressed but I didn't want to get into the various revocation schemes... > You talk about digesting RDF statements, but really we are interested in > digesting sets of RDF statements, i.e. graphs. If these graphs have blank > (anonymous) nodes then we have difficulties. Yes, digesting a rdf statement and being able to identify a specific "reified" statement are the two issues I need to get straight in my head before I feel I can make substantive progress. > For an RDF graph currently has no canonical serialization. When > considering blank nodes, the RDF graph canonicalization problem appears > to be Graph Isomorphism complete and is hence much harder than the XML > canonicalization problem. Ok, I'll read up on your documents! -- Joseph Reagle Jr. http://www.w3.org/People/Reagle/ W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature/ W3C XML Encryption Chair http://www.w3.org/Encryption/2001/
Received on Thursday, 4 April 2002 12:12:19 UTC