Re: [perpass] Web-of-trust CAs
DataPacRat <datapacrat@gmail.com> Mon, 21 October 2013 20:47 UTC
Return-Path: <datapacrat@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FAA411E85CB for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 13:47:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dFbPg-EFS9DP for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 13:47:03 -0700 (PDT)
Received: from mail-we0-x22b.google.com (mail-we0-x22b.google.com [IPv6:2a00:1450:400c:c03::22b]) by ietfa.amsl.com (Postfix) with ESMTP id B3E9E11E8266 for <perpass@ietf.org>; Mon, 21 Oct 2013 13:46:47 -0700 (PDT)
Received: by mail-we0-f171.google.com with SMTP id t60so7224716wes.30 for <perpass@ietf.org>; Mon, 21 Oct 2013 13:46:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=8Vuqroh0rjjsh4wF3Hn+ejUyiB2t/ASiJYGZvoKhEPg=; b=BfMvkLtlGhnFYDks4H6SxC88lbZyBih+3xzNqgS0riYAoQ2M+0oKpFFLBtIg4OH2ha JNDNCA0d/XZHOAZzg/kO5R9rtZKH9tAidLwq1zZavX6LqgpW/qoSVf3QEumKDv5ufDE6 ZE6ZB0nqChwbk3vV2633zmu6S1pbLUIBR3V1iboH1uc45INxcF4DYSgVJTHApQqrSOSR 1vWbKpxYHOSK3LUxrC8QXT7TKcNSyYifkhARR5NzGydvmah6pcplf02BTMetsjPSCoUT nEXZJ/7hijTD4rQ8APOgyb95lVL4ACYW22tC/J9VZwsECe6Q0aHimPH9bILRLygmBZ0f oioQ==
MIME-Version: 1.0
X-Received: by 10.180.72.237 with SMTP id g13mr11671061wiv.0.1382388405710; Mon, 21 Oct 2013 13:46:45 -0700 (PDT)
Received: by 10.194.133.193 with HTTP; Mon, 21 Oct 2013 13:46:45 -0700 (PDT)
In-Reply-To: <CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com>
References: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com> <CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com>
Date: Mon, 21 Oct 2013 16:46:45 -0400
Message-ID: <CAB5WduBbSO9iD2JY7Q0sbSKMBpes12BDAfKfwd=siiZ=ncrPhg@mail.gmail.com>
From: DataPacRat <datapacrat@gmail.com>
To: Phillip Hallam-Baker <hallam@gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Web-of-trust CAs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2013 20:47:04 -0000
On Mon, Oct 21, 2013 at 3:20 PM, Phillip Hallam-Baker <hallam@gmail.com> wrote: > I think you need to work out how to evaluate how trust in the Web of Trust > is evaluated: > > http://tools.ietf.org/html/draft-hallambaker-prismproof-trust-00 > > You can accuse the CA system of being 'brittle' but so is Web of Trust once > you get past the keys that you signed directly yourself. > > Putting the key in a vcard only addresses one part of the problem, you need > to know whether you have the right vcard. An attacker that can knock over a > CA will have no trouble knocking over a simple vcard scheme either. > > To replace that system you have to show that what you propose as a > replacement is actually stronger and that it is not susceptible to sovereign > control by a single government (at minimum, some of us are not going to be > any more happy with a group of governments acting in concert unless you can > assure us that they will not collude). > > > Where vcard is supported, it makes a fine mechanism for converting a key > identifier to a key. It is a less good mechanism for establishing trust in a > key which is what most of us see as the hard part. The reasons you list are the ones behind why I included the 'Confidence' parameter in the Signed vCard spec. In fact, that parameter is the key to the whole approach. There is good reason to treat Bayesian analysis as a useful tool for analyzing iffy data, such as a pool of keys that may include false ones. Using existing terminology, any given vCard Authority can be treated as an ad-hoc Certificate Authority. Using one's own self-signed vCard as a baseline, web-of-trust techniques could then determine the relative amount of trust to apply to any other Signed vCard's data. Eg, if I trust my own vCard at a level of 100 decibans, I trust Alice's card at 30, and Alice trusts Bob's card at 40, it's easy to determine that Bob's card should be trusted at somewhere under 30 decibans. (Real situations would be much more complicated, such as with multiple assertion paths; but this is still early days.) If this approach is, in fact, workable, then once the details can be hammered out (perhaps with Webfist-style exchanges, perhaps some entirely different method), I'm hoping that those details can be hidden from the end-user as well as the certificate negotiations for https browsing are, for users who just want to get things done. Throw in a collection of open-source key/vCard signing apps, which use cellphone cameras and QR codes, and then, as you mention in your PRISM-Proof trust model, even a thousand attendees at a conference could potentially perform mutual key endorsements with just about every other attendee. But that's still pie-in-the-sky - getting the Signed vCard draft nailed down is the current step. Getting it nailed down so it can, at least potentially, eventually support the pie-in-the-sky, is why I've brought it up on this list. So: What can I do to improve the current Signed vCard draft? Thank you for your time, -- DataPacRat "Then again, I could be wrong."
- [perpass] Web-of-trust CAs DataPacRat
- Re: [perpass] Web-of-trust CAs Phillip Hallam-Baker
- Re: [perpass] Web-of-trust CAs DataPacRat
- Re: [perpass] Web-of-trust CAs Stephen Kent
- Re: [perpass] Web-of-trust CAs DataPacRat
- Re: [perpass] Web-of-trust CAs DataPacRat
- Re: [perpass] Web-of-trust CAs Phillip Hallam-Baker
- Re: [perpass] Web-of-trust CAs Brian E Carpenter
- Re: [perpass] Web-of-trust CAs DataPacRat
- Re: [perpass] Web-of-trust CAs Douglas Otis
- Re: [perpass] Web-of-trust CAs Phillip Hallam-Baker
- Re: [perpass] Web-of-trust CAs Stephen Kent
- Re: [perpass] Web-of-trust CAs DataPacRat
- Re: [perpass] Web-of-trust CAs DataPacRat
- Re: [perpass] Web-of-trust CAs SM
- Re: [perpass] Web-of-trust CAs Hannes Tschofenig
- Re: [perpass] Web-of-trust CAs Yoav Nir
- Re: [perpass] Web-of-trust CAs DataPacRat
- Re: [perpass] Web-of-trust CAs Stephen Kent
- Re: [perpass] Web-of-trust CAs Paul Wouters
- Re: [perpass] Web-of-trust CAs Tony Rutkowski
- Re: [perpass] Web-of-trust CAs DataPacRat
- Re: [perpass] Web-of-trust CAs Stephen Kent
- Re: [perpass] Web-of-trust CAs DataPacRat
- Re: [perpass] Web-of-trust CAs Eliot Lear
- Re: [perpass] Web-of-trust CAs Phillip Hallam-Baker
- Re: [perpass] Web-of-trust CAs Randy Bush