[guardian-dev] WOT and Authentication Research

Hans-Christoph Steiner hans at guardianproject.info
Thu Jan 17 13:25:48 EST 2013

On 01/16/2013 10:41 PM, elijah wrote:
> On 01/03/2013 03:21 PM, Hans-Christoph Steiner wrote:
>> As a kind of aside, I think that the Zooko's triangle analogy is not very
>> good.  It does not map the problem very well because it portrays the three
>> elements as equally affected by each other, when I think that's clearly not
>> the case.  Security and Human Memorable seem pretty much directly inversely
>> related to me, while decentralization has a much more vague, non-linear
>> relationship to the other two.
> Interesting point, although OpenPGP names are not really *analogous* to
> Zooko's triangle. Decentralized PKI is an *example* given by Zooko in
> the original post. So, I think your point applies to Zooko's triangle
> itself. Therefore, from now on, I will refer to it as Zooko's Isosceles
> Triangle (ZIT). The point with two equal edges is "decentralized".

I thought you'd like that downgrading of 'decentralization' ;)

>> I think its possible to use the WOT without publishing your social graph
>> publicly.  The keyservers can be used only for keys and revokation, then
>> people can exchange local signatures in a p2p fashion without ever publishing
>> them to keyservers.  This is very hard to do right now, but it is something
>> that can definitely be automated and with little user interaction needed.  I
>> hope to work on this as part of PSST this year.
> I agree. Let's call that LWOT (for local-signature web of trust) to
> differentiate it from normal WOT or FWOT (federated web of trust).
> -elijah

Are you working on this problem at all as part of LEAP?


More information about the Guardian-dev mailing list