[guardian-dev] WOT and Authentication Research

Hans-Christoph Steiner hans at guardianproject.info
Fri Jan 18 11:57:22 EST 2013



On 01/17/2013 05:53 PM, micah anderson wrote:
> Hans-Christoph Steiner <hans at guardianproject.info> writes:
> 
>> On 01/16/2013 09:04 PM, Patrick Baxter wrote:
> 
>>>> I think it's possible to use the WOT without publishing your social graph
>>>> publicly.  The keyservers can be used only for keys and revocation, then
>>>> people can exchange local signatures in a p2p fashion without ever publishing
>>>> them to keyservers.  This is very hard to do right now, but it is something
>>>> that can definitely be automated and with little user interaction needed.  I
>>>> hope to work on this as part of PSST this year.
> 
> This would be a local-only signature (lsign in gpg), you can export
> these in order to share certifications with people that you are ok with
> giving that signature to.
> 
>>> I still think the benefits of publishing signatures outweigh the
>>> anonymity problems. It's a very debatable point though so I think a
>>> solution to this would be to allow the owner of the key to set a flag
>>> that would allow or disallow other people to publish signatures of
>>> their own key. People could only upload signatures for users that
>>> have allowed it.
> 
> lsigned signatures are non-exportable signatures.

In terms of implementation details, do you know what "non-exportable" means in
terms of gnupg? Or perhaps lsign is in the OpenPGP spec?  I am wondering if
non-exportable is meant to mean "cannot leave my keyring" versus "cannot
upload to a keyserver".


>>> If publishing signatures was distributed, what would be the method to
>>> determine who you share your signatures with? 
> 
> This would be on a case-by-case basis I guess.
> 
>> Once you share, what's to stop it from being re-shared? 
> 
> Nothing technically, only good old fashioned human trust.

The software could also make it easy to do the right thing, and hard to do the
wrong thing.  For example, if signatures that were swapped with p2p were
tagged "p2p-only" or "do-not-pass-on" and the software respected those tags,
that would make it easy to do the right thing.

.hc

