[guardian-dev] WOT and Authentication Research

Natanael natanael.l at gmail.com
Wed Jan 16 22:05:33 EST 2013

Can we have anonymous signatures?

Could we do something useful with RSA and Chaumian blinding? Or could we
possibly sign things in such a way that the recipient (the friend who can
see what I have signed) must give up his private key to prove to others
that I was the signer? Though secure multiparty computation probably screws
up that latter method of keeping my signatures from being linked to me,
unless the algorithm to check the signatures give you a result that can't
be verified computionally, just by the user.

And by the way, Zooko's triangle remains relevant. A public key is not
human readable or rememberable. A username isn't globally unique without
central servers (I'd count email addresses here). Ditch both the central
servers and the memory unfriendly keys and you have no security. Tie a key
to a name and you still don't get unique usernames.

Den 17 jan 2013 03:04 skrev "Patrick Baxter" <patch at cs.ucsb.edu>:
> Hi Hans,
> Thanks for jumping in on this. Keeping this short:
> > I think its possible to use the WOT without publishing your social graph
> > publicly.  The keyservers can be used only for keys and revokation, then
> > people can exchange local signatures in a p2p fashion without ever
> > them to keyservers.  This is very hard to do right now, but it is
> > that can definitely be automated and with little user interaction
needed.  I
> > hope to work on this as part of PSST this year.
> I still think the benefits of publishing signatures outweighs the
> anonymity problems. Its a very debatable point though so I think a
> solution to this would be to allow the owner of the key to set a flag
> that would allow or disallow other people to publish signatures of
> their own key. People could only upload signatures for user's that
> have allowed it.
> If publishing signatures was distributed, what would be the method to
> determine who you share you signatures with? Once you share, whats to
> stop it from being re-shared? With a keyserver keeping record, I would
> think its easier to respect privacy in the matter of publishing
> signatures.
> > There is a lot there, I'm wondering if you've condensed what
> > you're particular questions are since then?
> I'm focusing more on the advantages of having a single (but
> decentralized) key-server that is a framework for providing a useful
> mapping for any domain. So a server that allows only a single mapping
> to exist for each UID of a domain. Allows signatures (with privacy),
> requires proofs of control to initially establish a name, and has a
> flexible way for dealing with failures (so it is accessible). I think
> some remaining questions would be how to look as this from the user's
> perspective (independently authenticated > independent WOT path >
> exists on server that I sort of trust and have a pinned https
> connection too) and how to establish account control among failures
> (losing keys, losing account access, dos signups).
> > As a kind of aside, I think that the Zooko's triangle analogy is not
> > good.  It does not map the problem very well because it portrays the
> > elements as equally affected by each other, when I think that's clearly
> > the case
> Good point. Also, I think by decentralized he might mean having
> namespaces with unique identifiers. I think that's achievable in a
> decentralized system. So, I wouldn't look into that analogy of the
> triangle much more myself :)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20130117/4a227a10/attachment-0001.html>

More information about the Guardian-dev mailing list