[Freedombox-discuss] Web of Trust Questions

Subject: [Freedombox-discuss] Web of Trust Questions
From: melvincarvalho@gmail.com (Melvin Carvalho)
Date: Tue, 13 Dec 2011 12:16:44 +0100
Message-id: <[🔎] CAKaEYh+nn4M26jwuUvUs6gOpbOC36FB9N8ej0r3M4jpAO7Gciw@mail.gmail.com>
In-reply-to: <[🔎] A58A795E7BC94A0E9909979419415D6F@SUZIE>
References: <[🔎] A58A795E7BC94A0E9909979419415D6F@SUZIE>

On 13 December 2011 09:27, John Walsh <fiftyfour at waldevin.com> wrote:
> Hi Everybody,
>
> In the web of trust (WOT),?I can create?my own identity/key as opposed to a
> Certificate Authority managing my identity/key.?I could?bring?my key to a
> key signing party with proof of identity.?Let's say Fred was?at the key
> signing party, he?checks?my proof of identity and signs?my key.?My
> signed?key is uploaded to a key server creating a chain of trust with Fred
> and the people who have signed Fred's key etc.
>
> If?I go to?Bob's website (WOT cert), Bob checks?my credentials?through the
> web of trust,?i.e.?only if there is a chain of trust between Bob's key and
> my key will Bob grant me access to his site, otherwise I will be refused
> access.?Presumably, at the same time my browser will check there is a chain
> of trust between?my key and?Bob's key and if there is no chain of trust I
> will get a warning message, otherwise I will proceed as normal.
>
> The web of trust is?not really a web of trust, but a network of?identity
> checks,?which is similar to Certificate Authorities.?Firefox is loaded with
> CA's Mozilla trusts, but I don't know them from Adam, so?there is no real
> reason?I should?trust them. Now, I would?prefer to choose?my own?trust
> authorities,?who wouldn't necessarily be everybody who has signed my key.
> For example,?I wouldn't like my key to follow a chain of trust starting with
> the black sheep in my family because you can't choose your family
>
> So, does the WOT follow a chain of trust of ALWAYS using everybody who has
> signed my key or can I choose my own trust authorities/anchors?
>
> Firefox's options allow you?to import certificates. Can I add my own "web of
> trust authorities/certificates" to Firefox, which would have priority
> over?Mozilla's chosen CA's? Please also confirm that?I just import the
> certificates from key servers of those I trust.

I use my GPG key also as my X.509 certificate so can participate in
the GPG WOT and also "Web" based WOT.  So I can access control my
pages / files based on the identity that is requesting it, and some
public access for anonymous users.

Sadly, the WWW WOT is quite undeveloped at this stage.  The biggest
GPG WOT (strong-set) is 40,000 big, it should be possible to develop a
complementary graph on the web (the web was designed to scale very
large graphs) too.  Also we should be able to include the tel: URI
scheme to start to include the 5.3 billion mobile users.

Hopefully something we can improve in 2012, I've been looking at the
bitcoin otc WOT, which also combines with GPG, ,and thinking about
scaling it to the whole web : http://bitcoin-otc.com/viewratings.php

>
> Kind Regards
>
> fiftyfour
>
>
>
> _______________________________________________
> Freedombox-discuss mailing list
> Freedombox-discuss at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Reply to:

Follow-Ups:
- [Freedombox-discuss] Web of Trust Questions
  - From: dkg@fifthhorseman.net (Daniel Kahn Gillmor)

References:
- [Freedombox-discuss] Web of Trust Questions
  - From: fiftyfour@waldevin.com (John Walsh)

Prev by Date: [Freedombox-discuss] Java
Next by Date: [Freedombox-discuss] Web of Trust Questions
Previous by thread: [Freedombox-discuss] Web of Trust Questions
Next by thread: [Freedombox-discuss] Web of Trust Questions
Index(es):
- Date
- Thread