[guardian-dev] WOT and Authentication Research

elijah elijah at riseup.net
Wed Jan 16 22:41:42 EST 2013

On 01/03/2013 03:21 PM, Hans-Christoph Steiner wrote:

> As a kind of aside, I think that the Zooko's triangle analogy is not very
> good.  It does not map the problem very well because it portrays the three
> elements as equally affected by each other, when I think that's clearly not
> the case.  Security and Human Memorable seem pretty much directly inversely
> related to me, while decentralization has a much more vague, non-linear
> relationship to the other two.

Interesting point, although OpenPGP names are not really *analogous* to
Zooko's triangle. Decentralized PKI is an *example* given by Zooko in
the original post. So, I think your point applies to Zooko's triangle
itself. Therefore, from now on, I will refer to it as Zooko's Isosceles
Triangle (ZIT). The point with two equal edges is "decentralized".

> I think it's possible to use the WOT without publishing your social graph
> publicly.  The keyservers can be used only for keys and revocation, then
> people can exchange local signatures in a p2p fashion without ever publishing
> them to keyservers.  This is very hard to do right now, but it is something
> that can definitely be automated and with little user interaction needed.  I
> hope to work on this as part of PSST this year.

I agree. Let's call that LWOT (for local-signature web of trust) to
differentiate it from normal WOT or FWOT (federated web of trust).

