[guardian-dev] WOT and Authentication Research
micah anderson
micah at riseup.net
Thu Jan 17 17:53:45 EST 2013
Hans-Christoph Steiner <hans at guardianproject.info> writes:
> On 01/16/2013 09:04 PM, Patrick Baxter wrote:
>>> I think its possible to use the WOT without publishing your social graph
>>> publicly. The keyservers can be used only for keys and revokation, then
>>> people can exchange local signatures in a p2p fashion without ever publishing
>>> them to keyservers. This is very hard to do right now, but it is something
>>> that can definitely be automated and with little user interaction needed. I
>>> hope to work on this as part of PSST this year.
This would be a local-only signature (lsign in gpg), you can export
these in order to share certifications with people that you are ok with
giving that signature to.
>> I still think the benefits of publishing signatures outweighs the
>> anonymity problems. Its a very debatable point though so I think a
>> solution to this would be to allow the owner of the key to set a flag
>> that would allow or disallow other people to publish signatures of
>> their own key. People could only upload signatures for user's that
>> have allowed it.
lsigned signatures are non-exportable signatures.
>> If publishing signatures was distributed, what would be the method to
>> determine who you share you signatures with?
This would be on a case-by-case-basis I guess.
> Once you share, whats to stop it from being re-shared?
Nothing technically, only good old fashioned human trust.
micah
More information about the Guardian-dev
mailing list