[Freedombox-discuss] Santiago Verifying Requests
Nick M. Daly
nick.m.daly at gmail.com
Sun Apr 15 23:46:24 UTC 2012
DKG, thanks for explaining the difference between trust and identity. I
shouldn't have needed that explanation (I *know* better than that), but
you got me to break it down again and stopped me from chasing my own
tail. Thanks.
I shouldn't have used "trust", it's a terribly over-used and ill-defined
word. I was also trying to infer other data from the existence of the
Web of Trust, which was a mistake. Can't we just call it a "web of
presumed-valid identity?" :)
If you replace each occurrence of "trust" with "willing to serve a
service discovery service for" in my email, I hope it'll be more
reasonable. That willingness-to-serve is not publicly published
information, can't be inferred from the Web of Trust, and we're
certainly better off that way.
On Thu, 12 Apr 2012 23:57:38 -0400, Daniel Kahn Gillmor wrote:
> The OpenPGP web of trust contains none of these qualitative judgments.
> What's more, i think it *shouldn't* contain these sorts of judgments;
> they make it harder to make statements of identity (because you'd be
> concerned about these other qualitative statements, which are much
> more open to change and reinterpretation), and they make it easier for
> a would-be big brother to mechanically figure out exactly who is a
> trusted and respected figure within certain subsets of the social
> graph.
I keep trying to extend Santiago to use the PGP trust network, and
that's definitely something I need to put on hold for now. I can handle
direct, friend-to-friend information transfer, without issue. I need to
stop trying to interpret the PGP trust network before I pick this up
again.
I want to make sure nodes that can only talk to a some other nodes to be
able to communicate, through trusted intermediaries, to all other
available nodes. In the below example, A trusts B and D to send and
receive messages. As long as B and D trust C to do the same, A never
even needs to know C exists as an intermediary:
A -> B -> C -> D
Do we need the third signing for that? It lets C know B's message isn't
falsified and I don't think, in the current structure, that C has any
other way to know that the message comes from B.
Nick
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20120415/55850004/attachment.pgp>
More information about the Freedombox-discuss
mailing list