[guardian-dev] WOT and Authentication Research

Patrick Baxter patch at cs.ucsb.edu
Mon Jan 21 15:51:23 EST 2013

On Thu, Jan 17, 2013 at 10:46 AM, Hans-Christoph Steiner
<hans at guardianproject.info> wrote:
> Whether its a worthwhile exchange to publish signatures publically depends a
> lot on what the repercussions are.
> I could see three "modes" related to this:
> * paranoid: always use lsign, only exchange signatures face to face, no
> exchange of signatures other than my own
> * peer-to-peer: never export signatures to the keyservers, exchange all
> signatures I know about when I meet face-to-face
> * keyserver: export everything to the keyservers
> Ideally, this mode would be tagged in the signature itself so when a
> 'paranoid' exchanges signatures with a 'keyserver' all signatures involving
> the 'paranoid' do not get uploaded to the keyserver, and so on and so forth.
> I suppose that if the peer-to-peer mode works well, then nobody should really
> use the keyserver.

I agree there would have to be some method to opt-out or opt-in to the
publishing of signatures and those modes make sense. No one should be
forced to participate the publishing of signatures. One advantage of
publicly publishing signatures is that there is a much higher
probability that you can independently verify a path through the WOT
to a new contact. Otherwise, you are relegated to trusting the

For authentication used by the masses, having contact with a
distributed set of keyservers (owned by different parties of interest)
through a cert-pinned SSL connection offers much more security then
present. Particularly since these servers can be audited for
consistency and user's could also check for persistence of keys among
their contacts. Strict regulation for changing mappings combined with
proof of ownership for new user's would be enforced.

I think that may be the best security a centralized key-structure can
provide. Beyond that, it won't get in the way for those interested in
truly Independent verification.
Its a matter of enabling clients to rely on that infrastructure as
little as possible. Publishing signatures will help with that and
should be encouraged for those who aren't at risk by having published
signatures. Also, those exchanging signatures in a distributed manor
can benefit from the keyservers as well. Any mappings they receive
should also reflect that same mapping as exists in the keyservers.

Lastly, having a persistent and public listing of name-key mappings is
a valuable and important addition to a distributed WOT. In a
distributed environment, I don't see how you can enforce unique
mappings. This way, when you receive some new keys from a friend you
can check that they exist properly in centralized data-store. At the
least (for those who don't wish to upload at all), you could expect
not to see that person's public key or email tied to anything else.

> Why do you want to push verification to the keyserver?  I suppose it could
> provide another channel of authenticity data for bootstrapping.  But it seems
> once you've verified the fingerprint and its connection to a UID, then you
> don't need the keyserver to verify anything.  That keeps the keyserver simple.

Mostly for the reasons above. To reiterate, improved centralized
keyservers would only augment the ability to securely authenticate
another user. Independent verification is still the ultimate goal, but
this can be facilitated by a better keyserver infrastructure and the
widespread publishing of signatures for those who agree to it.
Additionally, weaker levels of verification would be more accessible
for user's with more transient names or poor ability to store and
maintain access to private keys. Its not a matter of pushing
verification to the keyserver, but creating the best keyserver
infrastructure that can be provided without stepping on the ability to
independently verify another person's mapping of key to name.

Ultimately, this may make it easier for people to participate in a WOT
and this would be a step in the right direction for accessible
authentication. Client infrastructure (GPG for everyone!) can improve
over time across different platforms, but there are a lot of steps in
getting there and it could be awhile before everyone can securely
maintain and use a private key. Trusted computing modules in phones
would be cool.

Also, a separate idea, but as part of PSST has anyone heard of or
looked into possibly storing keys on a server through some type of
open-source and zero-knowledge client? That way you get to your keys
with something like google's two-factor auth. You could dump your keys
on dropbox, a personal server, or a VPS without relieing on those
places being secure. Maybe a bad idea, but just a thought

More information about the Guardian-dev mailing list