[Freedombox-discuss] Santiago Verifying Requests

Nick M. Daly nick.m.daly at gmail.com
Sun Apr 15 23:46:24 UTC 2012

DKG, thanks for explaining the difference between trust and identity.  I
shouldn't have needed that explanation (I *know* better than that), but
you got me to break it down again and stopped me from chasing my own
tail.  Thanks.

I shouldn't have used "trust", it's a terribly over-used and ill-defined
word.  I was also trying to infer other data from the existence of the
Web of Trust, which was a mistake.  Can't we just call it a "web of
presumed-valid identity?" :)

If you replace each occurrence of "trust" with "willing to serve a
service discovery service for" in my email, I hope it'll be more
reasonable.  That willingness-to-serve is not publicly published
information, can't be inferred from the Web of Trust, and we're
certainly better off that way.

On Thu, 12 Apr 2012 23:57:38 -0400, Daniel Kahn Gillmor wrote:

> The OpenPGP web of trust contains none of these qualitative judgments.
> What's more, i think it *shouldn't* contain these sorts of judgments;
> they make it harder to make statements of identity (because you'd be
> concerned about these other qualitative statements, which are much
> more open to change and reinterpretation), and they make it easier for
> a would-be big brother to mechanically figure out exactly who is a
> trusted and respected figure within certain subsets of the social
> graph.

I keep trying to extend Santiago to use the PGP trust network, and
that's definitely something I need to put on hold for now.  I can handle
direct, friend-to-friend information transfer, without issue.  I need to
stop trying to interpret the PGP trust network before I pick this up

I want to make sure nodes that can only talk to a some other nodes to be
able to communicate, through trusted intermediaries, to all other
available nodes.  In the below example, A trusts B and D to send and
receive messages.  As long as B and D trust C to do the same, A never
even needs to know C exists as an intermediary:

    A -> B -> C -> D

Do we need the third signing for that?  It lets C know B's message isn't
falsified and I don't think, in the current structure, that C has any
other way to know that the message comes from B.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20120415/55850004/attachment.pgp>

More information about the Freedombox-discuss mailing list