[therightkey] Using composite PKIs

[Phillip Hallam-Baker <phill@hallambaker.com>]

[Followups on therightkey please]

Thinking about the discussion of the OpenPGP/DANE draft in OpenPGP in my
car, I came up with a metaphor for how to approach joining different PKIs.
In particular, Werner's comment that Web of Trust doesn't scale. The CA
model does scale but it isn't actually much better when trying to identify
private individuals rather than employees of a company since the only thing
I can validate economically is an email address and that isn't a person.

We can approach the problem mathematically by considering the work factor
(in US$) for causing a breach.

Combining Web of Trust with CA approaches and interning the assertions in
an immutable blockchain like log does provide an approach that scales. The
blockchain makes the workfactor time dependent. If the workfactor is $100
before an assertion is enrolled, it will be $trillions after.

Combining Web of Trust and CA trust is like building a dalek out of
fiberglass: Individually, the glass fiber and the epoxy are weak. But using
the two in combination locks the strands of glass fibre creating a
lightweight shell that can support the weight of a small truck. This part
is already written up:

https://datatracker.ietf.org/doc/draft-hallambaker-prismproof-trust/


The question we are facing now is how we make sense of that type of data.
Which is where the car trip comes in.

I am using GPS to navigate a part of the city I don't know very well. There
are multiple resources at my disposal:

1) My own knowledge of the area
2) Signposts on the road
3) The GPS maps in the car
4) Offline maps via my cell phone

Any one of these guides can be fallible. The GPS maps are pre big-dig (no
CANBUS modem car for me) so they are out of date. Offline maps are more
likely to be up to date but a malicious provider can direct specific
individuals to the wrong place.

The fact that there is a human in the loop actually keeps the mapping
service providers accountable. Even if 99% of drivers don't know where they
are going. The fact that there are roadsigns and the fact that a few do
know where they are going means that if the service defects, they are
likely to be caught.

Using a pure online mapping service like Google Maps and a thin client
means that I am always up to date but exposes all my movements to them. It
also breaks if I am in Prague on a crappy AT&T data plan costing $20/Mb for
international roaming. [Do the AT&T execs consider the semiotics of sending
their customers a text message saying 'we are going to try to steal from
you now' every time they cross an international border.

Using a pure offline map like the DVDRom based system in the Honda means
that nobody can track me by my use of a mapping service. It also means that
the maps are ten years out of date as I don't plan on replacing the van
till the child whose car seat it was built to fit has learned to drive and
won't trash the transmission.

The best map I have is actually an application on the phone that has
downloadable maps for the whole of Europe and North America. The mapping
service obviously preprocesses the maps so that the phone has as little
work to do as possible. So it is a 'thick client' but not as thick as it
might be.


I think the key to making a composite PKI work is to approach the problem
in a similar fashion. In the short term we want to be using the 'thin
client' as this allows us to change how we analyze data and add new
formats. When trying to develop a new protocol, agility is key. But the
medium term goal is to have a thick-ish client.