[guardian-dev] WOT and Authentication Research

Natanael natanael.l at gmail.com
Tue Jan 22 21:55:07 EST 2013

What I mean is that it's an authenticated transfer at the first transfer
from the signee.

Then, you can transfer signatures you've recieved to others. But at this
point, the secondary recipient can't verify who made them.

Actually, it might not even be important to note who made the signatures if
you trust those signatures specifically. But if you don't want to trust
specific signatures, and want to trust the key, you'd specifiy which keys
are yours in that transfer and then specify what you are just passing on.
To trust those signatures but not the key who signed them (as you trust
that the person who passed them on "agrees" with them) would require some
"overhead", in lack of better words.

Again, this is not a web because there's no ties to the source beyond the
first step. You can't follow any signatures to anybody.
This is a complement to the Web of Trust.

So again, these signatures can absolutely be reshared. It's just that the
recipient will have to store and trust those signatures specifically
instead of trusting the keypairs as he don't know who made them (and don't
know if that person will generate malicious signatures in the future).It's
only reasonable to trust the "unlinked" keypairs which you got directly
from the person who made them and that has the private key for them (as it
is only this transfer that you can verify).

Of course, this creates a new risk for pressure from other entities. A
person who might not give up his main keypair might give up one of these
"untied" keypairs, which would mean that the people who have recieved and
trusted these could be tricked by malicious signatures. But there's still
*some* level of WoT going on here, if you only have a signature from one
keypair for something, you might not trust it outright no matter who that
keypair came from.

2013/1/23 Patrick Baxter <patch at cs.ucsb.edu>

> On Tue, Jan 22, 2013 at 5:11 PM, Natanael <natanael.l at gmail.com> wrote:
> > Using secure multiparty computation or an equavilent scheme, you can send
> > data to another person while proving it came from you at the time of
> > transmission but making it impossible to verify that it came from you
> > *after* the transmission.
> >
> So this would allow you to share a signature with a friend, but
> prevent a friend from sharing it with someone else. If i'm looking at
> this right, in a distributed WOT, this would be a way of sharing a
> signature that will only be used by the person you directly share it
> with and enforce the fact that they cannot share it with someone else.
> This is probably obvious, but it wouldn't' be meaningful to share a
> anonymous signature with a key-server I think. But, this is definitely
> an useful feature for a users to selectively share signatures. Maybe
> > Now this won't really be a *web* of trust. There's just one step. But you
> > *could* pass on these signatures with their public keys to others,
> making it
> > come a bit closer.
> Do you mean that the anonymous signer could just continue to share it
> with individuals he/she chooses? The person that is presented with the
> anonymous signature couldn't' re-share, correct?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20130123/d0ff5cc4/attachment.html>

More information about the Guardian-dev mailing list