dotgnu-general

[DotGNU]Owner of the Data: potential impl, some problems with it


From: Stephen Compall
Subject: [DotGNU]Owner of the Data: potential impl, some problems with it
Date: Mon, 18 Nov 2002 13:05:59 -0600
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20021114

Peter Minten wrote:
> Stephen Compall wrote:
>> BTW, I believe there are owner-of-the-data issues here as well. Perhaps the OOTD methodology, whatever it may be, will play into GBFM. So hopefully OOTD can be resolved soon.
>>
>> What I mean by that is that for all the fine talk about it on the DotGNU website, I haven't a clue after reading it how DotGNU plans to implement such a thing. Which leads me to believe....
>
> I'd love to hear your suggestions for that :-).

OOTD is some scary stuff....

The only thing I can come up with Right Now to enforce OOTD is something like the "web of trust". To explain: <http://www.gnupg.org/gph/en/manual.html#AEN554>

@quotation
When getting started using GnuPG it is important to realize that you need not securely communicate with every one of your correspondents. Start with a small circle of people, perhaps just yourself and one or two others who also want to exercise their right to privacy. Generate your keys and sign each other's public keys. This is your initial web of trust. By doing this you will appreciate the value of a small, robust web of trust and will be more cautious as you grow your web in the future.

...

Key validation is more difficult. If you do not personally know the person whose key you want to sign, then it is not possible to sign the key yourself. You must rely on the signatures of others and hope to find a chain of signatures leading from the key in question back to your own.
@end quotation

The idea is that you trust that a key comes from another person based on which keys have signed that key. In turn, you must also trust some of these keys, eventually tracing back to a position where you have personally verified the ownership of a key.

How this translates into OOTD: in order to validate that an ASP is trustworthy; that is, it has honored its OOTD obligations in the past, it must have validation from outside parties that it does so; that is, you must find a chain that certifies that people you trust to validate only conforming ASPs have also validated this ASP. And in turn, those users can validate other outside parties as trustworthy validators, etc., etc., etc.

An alternative would be to trust certificate authorities, whose role would be to go about webservices, certifying their OOTD records. You trust the authorities, they validate the ASPs.

I suppose one way to implement this would be to come up with a standard message, say "DotGNU Owner-of-the-Data compliant", sign it, and have the validators sign the signature.

The client end of the OOTD can be enforced by scaring the users with messages about a service maybe stealing your data..."Are You Absolutely Sure You Want To Continue?" Except in super-guru-expert-debug-testing mode, which will be named as such in order to discourage curious users. :)

Finally, the GBFM Virtual Identity consists of a GPG key.

However, there are a couple of problems with these alternatives:

1. Web-of-trust model: Rhetorical questions: how many signatures do you have on your key? or, how large is your web of trust? Presuming that you have a GnuPG key, as I assume you probably do. Speaking of which, maybe I should try to work on my key some time....like getting it onto a key server....

2. Authority model: Who are the authorities in a decentralized model? And why the hell should we trust them? <rant>Oh yeah, they're authority. It's For Our Own Good. Down With Piracy!!!..<line-noise /></rant>

Further thoughts to be found in <http://dotgnu.org/pipermail/developers/2002-November/008668.html>, which has better explanation of the direct auth connection in initial service validation.

This message is marked arch/auth.

--
Stephen Compall
Also known as S11001001
DotGNU `Contributor' -- http://dotgnu.org

I'm trying to change the way people approach knowledge and information
in general. I think that to try to own knowledge, to try to control
whether people are allowed to use it, or to try to stop other people
from sharing it, is sabotage.
        -- RMS, Byte interview, 1986
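
The chain lookup described in the message above, as an added example that is not part of the original post or of any DotGNU code. It assumes the signatures themselves were already verified (for instance by GnuPG) and models only the trust-chain search; the key names, the tuple layout and the `max_depth` limit are hypothetical.

```python
from collections import deque

# The standard message proposed in the post; an ASP signs it, validators countersign.
OOTD_STATEMENT = "DotGNU Owner-of-the-Data compliant"

# Constructed sample attestations as (signer, subject, what_was_signed).
# "validator" means: signer vouches that subject validates only conforming ASPs.
# OOTD_STATEMENT means: signer countersigned the subject ASP's signed statement.
ATTESTATIONS = [
    ("me", "alice", "validator"),
    ("alice", "bob", "validator"),
    ("bob", "asp-good.example", OOTD_STATEMENT),
    ("mallory", "mallory2", "validator"),
    ("mallory", "asp-shady.example", OOTD_STATEMENT),
    ("ootd-ca", "asp-ca.example", OOTD_STATEMENT),
]

def find_chain(roots, asp, attestations, max_depth=3):
    """Return the shortest chain [root, validator..., asp], or None if there is none.

    roots are keys whose ownership you verified personally; max_depth caps how
    many keys may stand between you and the ASP (hypothetical policy knob).
    """
    vouches, asp_signers = {}, set()
    for signer, subject, signed in attestations:
        if signed == "validator":
            vouches.setdefault(signer, []).append(subject)
        elif signed == OOTD_STATEMENT and subject == asp:
            asp_signers.add(signer)
    queue = deque([key] for key in roots)
    seen = set(roots)
    while queue:
        chain = queue.popleft()
        if chain[-1] in asp_signers:
            return chain + [asp]      # last validator countersigned this ASP
        if len(chain) >= max_depth:
            continue                  # chain too long to be worth trusting
        for nxt in vouches.get(chain[-1], []):
            if nxt not in seen:       # breadth-first, so first visit is shortest
                seen.add(nxt)
                queue.append(chain + [nxt])
    return None
```

With `roots=["me"]` this is the web-of-trust model; with `roots=["ootd-ca"]` it degenerates to the authority model, where the chain is one hop long.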


