[guardian-dev] WOT and Authentication Research
elijah at riseup.net
Wed Jan 16 22:41:42 EST 2013
On 01/03/2013 03:21 PM, Hans-Christoph Steiner wrote:
> As a kind of aside, I think that the Zooko's triangle analogy is not very
> good. It does not map the problem very well because it portrays the three
> elements as equally affected by each other, when I think that's clearly not
> the case. Security and Human Memorable seem pretty much directly inversely
> related to me, while decentralization has a much more vague, non-linear
> relationship to the other two.
Interesting point, although OpenPGP names are not really *analogous* to
Zooko's triangle. Decentralized PKI is an *example* given by Zooko in
the original post. So, I think your point applies to Zooko's triangle
itself. Therefore, from now on, I will refer to it as Zooko's Isosceles
Triangle (ZIT). The point with two equal edges is "decentralized".
> I think its possible to use the WOT without publishing your social graph
> publicly. The keyservers can be used only for keys and revokation, then
> people can exchange local signatures in a p2p fashion without ever publishing
> them to keyservers. This is very hard to do right now, but it is something
> that can definitely be automated and with little user interaction needed. I
> hope to work on this as part of PSST this year.
I agree. Let's call that LWOT (for local-signature web of trust) to
differentiate it from normal WOT or FWOT (federated web of trust).
More information about the Guardian-dev