W3C home > Mailing lists > Public > www-rdf-interest@w3.org > April 2002

RE: Think Piece: Key Free Trust in the Semantic Web

From: <franklin.reynolds@nokia.com>
Date: Mon, 8 Apr 2002 04:16:02 -0400
Message-ID: <E320A8529CF07E4C967ECC2F380B0CF96E795C@bsebe001.NOE.Nokia.com>
To: <GK@ninebynine.org>, <me@aaronsw.com>
Cc: <reagle@w3.org>, <www-rdf-interest@w3.org>
I think I must not understand some important point of Joseph's
proposal. It seems to me that:

  a. DNS spoofing would be a reasonable way to attack access to the 
     content named by the reputation server or access to the reputation 
     server itself. 
  b. the reputation server might not be trustworthy (I am not talking
     about the ability to "game" the reputation server, I am talking
     about a dishonest reputation server)

Franklin Reynolds

> -----Original Message-----
> From: ext Graham Klyne [mailto:GK@ninebynine.org]
> Sent: Saturday, April 06, 2002 1:29 AM
> To: Aaron Swartz
> Cc: Joseph M. Reagle Jr.; RDF-Interest
> Subject: Re: Think Piece: Key Free Trust in the Semantic Web
> At 09:51 PM 4/4/02 -0600, Aaron Swartz wrote:
> >MITM can occur in the static document scenario, if you 
> imagine the Man
> >sitting at your ISP, slyly rewriting all the crypto that 
> comes thru. (I
> >admit, this is a very paranoid scenario.) The attack here 
> would be to feed
> >you (seemingly signed) documents that the real person never signed.
> What I think is interesting about Joseph's proposal is that however 
> paranoid you may be, it's difficult to believe that an attacker has 
> compromised every information source in the Internet, or even 
> a significant 
> majority of them.  If you believe that, then I think you 
> might as well give 
> up on any form of security.
> I think the most pernicious attack is one in which one's 
> "usual" processing 
> platform is compromised:  whatever security may exist to the 
> outside world, 
> information presented to the operator cannot be checked.  I 
> think trust in 
> one's local platform is pretty much a prerequisite for any security.
> #g
> -------------------
> Graham Klyne
> <GK@NineByNine.org>
Received on Monday, 8 April 2002 04:16:23 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:44:35 UTC