[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[DotGNU]Owner of the Data: potential impl, some problems with it

From: Stephen Compall
Subject: [DotGNU]Owner of the Data: potential impl, some problems with it
Date: Mon, 18 Nov 2002 13:05:59 -0600
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20021114

Peter Minten wrote:
Stephen Compall wrote:
BTW, I believe there are owner-of-the-data issues here as well. Perhaps the OOTD methodology, whatever it may be, will play into GBFM. So hopefully OOTD can be resolved soon.

What I mean by that is that for all the fine talk about it on the DotGNU website, I haven't a clue after reading it how DotGNU plans to implement such a thing. Which leads me to believe....

I'd love to hear your suggestions for that :-).

OOTD is some scary stuff....

The only thing I can come up with Right Now to enforce OOTD is something like the "web of trust". To explain: <>

When getting started using GnuPG it is important to realize that you need not securely communicate with every one of your correspondents. Start with a small circle of people, perhaps just yourself and one or two others who also want to exercise their right to privacy. Generate your keys and sign each other's public keys. This is your initial web of trust. By doing this you will appreciate the value of a small, robust web of trust and will be more cautious as you grow your web in the future.


Key validation is more difficult. If you do not personally know the person whose key you want to sign, then it is not possible to sign the key yourself. You must rely on the signatures of others and hope to find a chain of signatures leading from the key in question back to your own.
@end quotation

The idea is that you trust that a key comes from another person based on which keys have signed that key. In turn, you must also trust some of these keys, eventually tracing back to a position where you have personally verified the ownership of a key.

How this translates into OOTD: in order to validate that an ASP is trustworthy; that is, it has honored its OOTD obligations in the past, it must have validation from outside parties that it does so; that is, you must find a chain that certifies that people you trust to validate only conforming ASPs have also validated this ASP. And in turn, those users can validate other outside parties as trustworthy validators, etc., etc., etc.

An alternative would be to trust certificate authorities, whose role would be to go about webservices, certifying their OOTD records. You trust the authorities, they validate the ASPs.

I suppose one way to implement this would be to come up with a standard message, say "DotGNU Owner-of-the-Data compliant", sign it, and have the validators sign the signature.

The client end of the OOTD can be enforced by scaring the users with messages about a service maybe stealing your data..."Are You Absolutely Sure You Want To Continue?" Except in super-guru-expert-debug-testing mode, which will be named as such in order to discourage curious users. :)

Finally, the GBFM Virtual Identity consists of a GPG key.

However, there are a couple of problems with these alternatives:

1. Web-of-trust model: Rhetorical questions: how many signatures do you have on your key? or, how large is your web of trust? Presuming that you have a GnuPG key, as I assume you probably do. Speaking of which, maybe I should try to work on my key some getting it onto a key server....

2. Authority model: Who are the authorities in a decentralized model? And why the hell should we trust them? <rant>Oh yeah, they're authority. It's For Our Own Good. Down With Piracy!!!..<line-noise /></rant>

Further thoughts to be found in <>, which has better explanation of the direct auth connection in initial service validation.

This message is marked arch/auth.

Stephen Compall
Also known as S11001001
DotGNU `Contributor' --

I'm trying to change the way people approach knowledge and information
in general. I think that to try to own knowledge, to try to control
whether people are allowed to use it, or to try to stop other people
from sharing it, is sabotage.
        -- RMS, Byte interview, 1986

reply via email to

[Prev in Thread] Current Thread [Next in Thread]