[OpenID] [foaf-dev] cryptographics web of trust

Ben Laurie benl at google.com
Thu Aug 9 17:24:00 UTC 2007


On 8/9/07, B.K. DeLong <bkdelong at pobox.com> wrote:
> I've been ranting a bit on this for a while now and being a
> non-programmer challenged with lacking abilities to help implement,
> I'm curious what the slowdown is.
>
> Social Network X (SNX) has a public key. I include a URL to my Public
> Key or paste in a "fingerprint" as part of my membership on SNX.
>
> I start adding friends who may or may not have added their Public Key.
> I might want to choose to only share certain information with folks
> who have a Public Key. Some sort of mechanism (dropdown list letting
> me choose which fields require a public key and which do not),
> allowing me to make that choice is important - or I may simply say "do
> not share my info with anyone not using a public key".
>
> Then we have the various trust relationships. Social Networks are
> getting better and letting people define how they met a person but we
> need to add trust levels. Allow people to create custom relationships
> and relationship groups, adding numerical trust values to the
> individual AND the group. The higher the trust level, the more
> information that is shared with that person. Perhaps set each field
> with a trust level. No one lower than level X can see this information
> and then enhance with white/blacklisting.
>
> The challenges are evident - encrypting and decrypting massive amounts
> of information for searching by calculating trust levels could be near
> impossible and create an incredible performance hit. Also, how do you
> map relationships across services? Sounds like the relationship schema
> comes back into play - it needs to be made much more robust with
> several default values or there needs to be more schemas with working
> XSLTs.
>
> And key management - if I lose my Private Key, does that mean I lose
> access to all those accounts? The lack of recovery drove me NUTS with
> PGP. My drive crashed every so often and I was screwed. How is Joe
> Schmoe going to handle that?

It's a new-fangled idea, but I've heard there's these things called
"backups" that can help with that.

>
> Either way, I think it's going to take a lot more protection of
> privacy before more folks would be willing to share information that
> would TRULY make social networks as valuable as we theorize. And to do
> that will take a significant amount of investment and a robust
> infrastructure.
>
> Not sure why a PoC hasn't been done on the above though. Are we there yet?
>
> On 8/9/07, Story Henry <henry.story at bblfish.net> wrote:
> > Hi, following some of the conversations I had on the openid forums, I
> > have read up about web security and used that newly gained knowledge to
> > enhance my foaf file with a link to my public PGP key and used that
> > to sign my foaf file. Using this it is easy to see how one can create
> > a semantic cryptographic web of trust.
> >
> > http://blogs.sun.com/bblfish/entry/cryptographic_web_of_trust
> >
> > There is a lot more to add for sure, but this is a good starting
> > point. Great fun too.
> >
> > Henry Story
> > _______________________________________________
> > foaf-dev mailing list
> > foaf-dev at lists.foaf-project.org
> > http://lists.foaf-project.org/mailman/listinfo/foaf-dev
> >
>
>
> --
> B.K. DeLong (K3GRN)
> bkdelong at pobox.com
> +1.617.797.8471
>
> http://www.wkdelong.org                    Son.
> http://www.ianetsec.com                    Work.
> http://www.bostonredcross.org             Volunteer.
> http://www.carolingia.eastkingdom.org   Service.
> http://bkdelong.livejournal.com             Play.
>
>
> PGP Fingerprint:
> 38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE
>
> FOAF:
> http://foaf.brain-stream.org
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
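
The per-field trust scheme proposed in the quoted message (numeric trust on individuals and groups, a minimum level per field, an optional public-key requirement, and white/blacklists), as an added example that is not part of the original thread or any project's code. All names and sample data are constructed; taking the lowest of the individual and group values, letting the blacklist override the whitelist, and not letting a whitelist entry waive the key requirement are assumptions the thread does not specify.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Contact:
    name: str
    trust: int                    # numeric trust given to the individual
    groups: tuple = ()            # relationship groups the contact is in
    has_public_key: bool = False  # contact registered a key URL or fingerprint

@dataclass(frozen=True)
class FieldPolicy:
    min_trust: int                # "no one lower than level X can see this"
    require_key: bool = False     # field is shared only with key holders
    whitelist: frozenset = frozenset()
    blacklist: frozenset = frozenset()

def effective_trust(contact, group_trust):
    # Assumption: the lowest of the individual and group values applies,
    # and an unknown group counts as 0.
    return min([contact.trust] + [group_trust.get(g, 0) for g in contact.groups])

def visible_fields(profile, policies, contact, group_trust, keys_only=False):
    """Return the subset of profile fields this contact may see."""
    level = effective_trust(contact, group_trust)
    shown = {}
    for name, value in profile.items():
        policy = policies.get(name)
        if policy is None or contact.name in policy.blacklist:
            continue  # default deny; blacklist overrides everything else
        if (keys_only or policy.require_key) and not contact.has_public_key:
            continue  # whitelisting does not waive the key requirement
        if contact.name in policy.whitelist or level >= policy.min_trust:
            shown[name] = value
    return shown

# Constructed sample data, not taken from any real service.
GROUP_TRUST = {"family": 9, "conference": 3}
PROFILE = {"nickname": "bk", "email": "bk@example.org", "phone": "555-0100"}
POLICIES = {
    "nickname": FieldPolicy(min_trust=0),
    "email": FieldPolicy(min_trust=3, require_key=True),
    "phone": FieldPolicy(min_trust=8, whitelist=frozenset({"carol"}),
                         blacklist=frozenset({"dave"})),
}
ALICE = Contact("alice", trust=9, groups=("family",), has_public_key=True)
BOB = Contact("bob", trust=5, groups=("conference",))
CAROL = Contact("carol", trust=2, groups=("conference",), has_public_key=True)
DAVE = Contact("dave", trust=9, groups=("family",), has_public_key=True)
```

The check runs on plaintext profile data held by the service, so it covers only the access-control half of the proposal, not the encryption cost the message raises.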


