[guardian-dev] WOT and Authentication Research

micah anderson micah at riseup.net
Thu Jan 17 17:53:45 EST 2013


Hans-Christoph Steiner <hans at guardianproject.info> writes:

> On 01/16/2013 09:04 PM, Patrick Baxter wrote:

>>> I think it's possible to use the WOT without publishing your social graph
>>> publicly.  The keyservers can be used only for keys and revocation, then
>>> people can exchange local signatures in a p2p fashion without ever publishing
>>> them to keyservers.  This is very hard to do right now, but it is something
>>> that can definitely be automated and with little user interaction needed.  I
>>> hope to work on this as part of PSST this year.

This would be a local-only signature (lsign in gpg); you can export
these in order to share certifications with people that you are ok with
giving that signature to.

>> I still think the benefits of publishing signatures outweigh the
>> anonymity problems. It's a very debatable point though so I think a
>> solution to this would be to allow the owner of the key to set a flag
>> that would allow or disallow other people to publish signatures of
>> their own key. People could only upload signatures for users that
>> have allowed it.

lsigned signatures are non-exportable signatures.

>> If publishing signatures was distributed, what would be the method to
>> determine who you share your signatures with?

This would be on a case-by-case basis, I guess.

> Once you share, what's to stop it from being re-shared?

Nothing technically, only good old-fashioned human trust.

micah
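
At the packet level, an lsign certification is an ordinary certification signature carrying the Exportable Certification subpacket set to 0 (RFC 4880, section 5.2.3.11). As an added example that is not part of the original message, the Python below counts such certifications in a binary key export so the result can be checked before the file is handed to someone or uploaded; the function names and the sample bytes are constructed for illustration.

```python
CERT_TYPES = {0x10, 0x11, 0x12, 0x13}  # certification signature types (RFC 4880 5.2.1)
EXPORTABLE_CERTIFICATION = 4           # subpacket type (RFC 4880 5.2.3.11)

def _varlen(buf, i):  # decode a 1/2/5-octet length; returns (length, next index)
    b = buf[i]
    if b < 192:
        return b, i + 1
    if b < 255:
        return ((b - 192) << 8) + buf[i + 1] + 192, i + 2
    return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5

def packets(data):
    """Yield (tag, body) for each packet in a binary (non-armored) export."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new-format header
            if 224 <= data[i + 1] < 255:
                raise ValueError("partial body lengths not handled here")
            tag = hdr & 0x3F
            n, i = _varlen(data, i + 1)
        else:           # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate lengths not handled here")
            n = int.from_bytes(data[i + 1:i + 1 + (1 << ltype)], "big")
            i += 1 + (1 << ltype)
        yield tag, data[i:i + n]
        i += n

def is_local_cert(sig):
    """True if a v4 certification body carries Exportable Certification = 0."""
    if len(sig) < 6 or sig[0] != 4 or sig[1] not in CERT_TYPES:
        return False
    i, end = 6, 6 + int.from_bytes(sig[4:6], "big")  # hashed subpacket area
    while i < end:
        n, i = _varlen(sig, i)
        if n >= 2 and sig[i] & 0x7F == EXPORTABLE_CERTIFICATION and sig[i + 1] == 0:
            return True
        i += n
    return False

def count_local_sigs(data):
    return sum(1 for tag, body in packets(data) if tag == 2 and is_local_cert(body))

# Constructed sample packets (placeholder signature material, not verifiable).
LOCAL_SIG = bytes.fromhex("c216" "04100108" "0009" "050250f87f99" "020400" "0000" "1234" "000101")
PUBLIC_SIG = bytes.fromhex("8813" "04100108" "0006" "050250f87f99" "0000" "1234" "000101")
```

A nonzero count from `count_local_sigs` on an export means the file contains certifications that were marked as not intended for publication.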

