[OpenID] [foaf-dev] cryptographics web of trust

B.K. DeLong bkdelong at pobox.com
Thu Aug 9 17:15:56 UTC 2007


I've been ranting a bit on this for a while now and being a
non-programmer challenged with lacking abilities to help implement,
I'm curious what the slowdown is.

Social Network X (SNX) has a public key. I include a URL to my Public
Key or paste in a "fingerprint" as part of my membership on SNX.

I start adding friends who may or may not have added their Public Key.
I might want to choose to only share certain information with folks
who have a Public Key. Some sort of mechanism (dropdown list letting
me choose which fields require a public key and which do not),
allowing me to make that choice is important - or I may simply say "do
not share my info with anyone not using a public key".

Then we have the various trust relationships. Social Networks are
getting better and letting people define how they met a person but we
need to add trust levels. Allow people to create custom relationships
and relationship groups, adding numerical trust values to the
individual AND the group. The higher the trust level, the more
information that is shared with that person. Perhaps set each field
with a trust level. No one lower than level X can see this information
and then enhance with white/blacklisting.

The challenges are evident - encrypting and decrypting massive amounts
of information for searching by calculating trust levels could be near
impossible and create an incredible performance hit. Also, how do you
map relationships across services? Sounds like the relationship schema
comes back into play - it needs to be made much more robust with
several default values or there needs to be more schemas with working
XSLTs.

And key management - if I lose my Private Key, does that mean I lose
access to all those accounts? The lack of recovery drove me NUTS with
PGP. My drive crashed every so often and I was screwed. How is Joe
Schmoe going to handle that?

Either way, I think it's going to take a lot more protection of
privacy before more folks would be willing to share information that
would TRULY make social networks as valuable as we theorize. And to do
that will take a significant amount of investment and a robust
infrastructure.

Not sure why a PoC hasn't been done on the above though. Are we there yet?

On 8/9/07, Story Henry <henry.story at bblfish.net> wrote:
> Hi, following some of the conversations I had on the openid forums, I
> have read up about web security and used that newly gained knowledge to
> enhance my foaf file with a link to my public PGP key and used that
> to sign my foaf file. Using this it is easy to see how one can create
> a semantic cryptographic web of trust.
>
> http://blogs.sun.com/bblfish/entry/cryptographic_web_of_trust
>
> There is a lot more to add for sure, but this is a good starting
> point. Great fun too.
>
> Henry Story


-- 
B.K. DeLong (K3GRN)
bkdelong at pobox.com
+1.617.797.8471

http://www.wkdelong.org                    Son.
http://www.ianetsec.com                    Work.
http://www.bostonredcross.org             Volunteer.
http://www.carolingia.eastkingdom.org   Service.
http://bkdelong.livejournal.com             Play.


PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE

FOAF:
http://foaf.brain-stream.org
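
The per-field sharing rule proposed in the message above (a minimum trust level per field, an optional public-key requirement, then white/blacklisting), as an added Python sketch that is not part of the original post or of any FOAF/OpenID code. All class and field names are hypothetical, the sample data is constructed, and two choices are assumptions the message leaves open: a per-person trust value overrides group values, and a whitelist entry bypasses the trust level but not the key requirement.

```python
from dataclasses import dataclass, field

@dataclass
class Viewer:
    name: str
    has_public_key: bool = False
    groups: tuple = ()

@dataclass
class FieldPolicy:
    min_trust: int                      # "no one lower than level X can see this"
    requires_key: bool = False          # share only with public-key holders
    whitelist: frozenset = frozenset()  # always allowed (key rule still applies)
    blacklist: frozenset = frozenset()  # never allowed

@dataclass
class Owner:
    person_trust: dict = field(default_factory=dict)  # viewer name -> level
    group_trust: dict = field(default_factory=dict)   # group name -> level
    policies: dict = field(default_factory=dict)      # field name -> FieldPolicy
    keys_only: bool = False  # "do not share my info with anyone not using a public key"

    def trust_of(self, v):
        # Assumption: individual value wins; otherwise highest group value; else 0.
        if v.name in self.person_trust:
            return self.person_trust[v.name]
        return max((self.group_trust.get(g, 0) for g in v.groups), default=0)

    def can_see(self, v, fname):
        p = self.policies.get(fname)
        if p is None or v.name in p.blacklist:
            return False  # default deny; blacklist beats everything
        if (self.keys_only or p.requires_key) and not v.has_public_key:
            return False
        return v.name in p.whitelist or self.trust_of(v) >= p.min_trust

    def visible_fields(self, v):
        return sorted(f for f in self.policies if self.can_see(v, f))

# Constructed sample data, for illustration only.
OWNER = Owner(
    person_trust={"alice": 8, "mallory": 9},
    group_trust={"coworkers": 4, "family": 9},
    policies={"nickname": FieldPolicy(0), "email": FieldPolicy(4),
              "phone": FieldPolicy(7, True, blacklist=frozenset({"mallory"})),
              "address": FieldPolicy(9, True, whitelist=frozenset({"alice"}))})
BOB = Viewer("bob", groups=("coworkers",))  # no public key on file
print(OWNER.visible_fields(BOB))
```

The check runs at read time against stored policy, so it does not address the encryption cost or cross-service relationship mapping raised in the message.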


