[Freedombox-discuss] FOAF developers taking FreedomBox into their equation
On 10 Mar 2011, at 15:11, Clint Adams wrote:
> On Thu, Mar 10, 2011 at 01:51:48PM +0100, Henry Story wrote:
>> This is the equivalent in PGP land of losing control of your private key. What do you do then?
> I think it is more the equivalent of losing control over a uid. In
> PGP-land I would merely revoke that uid from my key, and publish the
> revocation to the world. In my hypothetical example there has been
> no loss or compromise of secret key material, so things could quickly
> be business as usual assuming my colleagues refresh their keyrings
> and discover my revocation and possibly a new uid.
Notice that here you need your colleagues to refresh their keyrings. What if an evil power makes sure the DNSes are redirected to the one keyring that does not refresh?
Or do you no longer need DNS, or even IP addresses?
> In the event that I also lost control of my private key, I would use
> a revocation certificate to revoke the entire key, and then I would
> re-establish my presence in the web of trust by getting certifications
> from people in a position to establish my identity through other means.
Yes, but how long does it take to propagate the key revocation? How much damage can be done in the meantime? How annoying is it going to be to rebuild your identity?
>> Since the value of a WebID is its relation in a network, you should have all your friends remove their links to that WebID, or even have them specify that the URI is outdated as a relation for you.
> If the WebID is my identity, and someone else has it, how do I prove
> that it has been compromised?
How do you prove to the people who signed your PGP card that you are you? If you lose your PGP private key how do you tell them? I see people doing that by showing a passport, which is a centralised system of control if ever I knew one. How are you going to prove that you are the same you as the owner of the lost PGP key?
If those are friends you know, then my guess is giving them a phone call and alerting them to this could be a good way to proceed. But if you fear the telephone system might be corrupted, you should probably go there and meet them in person.
Also I am told PGP is a great tracking tool: everybody can tell from a keyring you publish exactly who you met, and that can go back far in the past.
>> But one can imagine building other layers to make things more secure. The problem is that every layer you add will make adoption more difficult and create other issues. In the meantime Facebook and clowns don't have anything stopping their momentum.
>> So one thing one could do, if you were to use a cryptokey/token card, would be to publish the relation to this key as a token card one - i.e., one that you can expect to keep for a long time. Your friends could then republish your relation to this key. Now if you lose your token card you'll have to go to all your friends to ask them to change that information in case someone relies on that. But servers that wish to be more secure could give you extra access rights if you use the token card key that all your friends say you have.
>> We have stuck with the simplest part for the moment, because it is enough to get the Social Web distributed. It will certainly be interesting once we have a few better implementations to see how we can add trust by people signing each other's documents. But this is not an easy thing to get right.
> I understand wanting to do things half-assed to harness momentum.
Security, like knowledge, is not an all or nothing predicate. There are degrees of it. And there are always ways to work around things.
E.g.: How do you know your brain is not being stimulated by a highly advanced alien who kidnapped you and is doing an experiment on Alpha Centauri to make you think you are reading this e-mail? You don't. But if you don't, how can you know anything? Well you do, because in everyday life that possibility is outside the scope of knowledge. See Nozick's "Philosophical Explanations" for more details.
Same with security. A skeptical situation can be imagined for every one of the systems you set up. And not all of them are as crazy as the Alpha Centauri one.
> What I am concerned about is a future point in time where we have
> to throw out the entire AAA infrastructure and replace it with
> something else. If no one is working on these other complex layers,
> can we be assured that that will not be necessary?
What I am interested in is if WebID precludes any of the layers you are interested in adding. If it does not, then we can deploy this, and add other solutions as they become available.
> Or perhaps the cost of complete replacement is low and I am worrying
> for naught.
Why is it all or nothing? Why can't they be complementary?
Social Web Architect