[DotGNU]Owner of the Data: potential impl, some problems with it
From: Stephen Compall
Subject: [DotGNU]Owner of the Data: potential impl, some problems with it
Date: Mon, 18 Nov 2002 13:05:59 -0600
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20021114

Peter Minten wrote:
> Stephen Compall wrote:
>> BTW, I believe there are owner-of-the-data issues here as well. Perhaps
>> the OOTD methodology, whatever it may be, will play into GBFM. So
>> hopefully OOTD can be resolved soon.
>>
>> What I mean by that is that for all the fine talk about it on the DotGNU
>> website, I haven't a clue after reading it how DotGNU plans to implement
>> such a thing. Which leads me to believe....
>
> I'd love to hear your suggestions for that :-).

OOTD is some scary stuff....
The only thing I can come up with Right Now to enforce OOTD is something
like the "web of trust". To explain:
<http://www.gnupg.org/gph/en/manual.html#AEN554>
@quotation
When getting started using GnuPG it is important to realize that you
need not securely communicate with every one of your correspondents.
Start with a small circle of people, perhaps just yourself and one or
two others who also want to exercise their right to privacy. Generate
your keys and sign each other's public keys. This is your initial web of
trust. By doing this you will appreciate the value of a small, robust
web of trust and will be more cautious as you grow your web in the future.
...
Key validation is more difficult. If you do not personally know the
person whose key you want to sign, then it is not possible to sign the
key yourself. You must rely on the signatures of others and hope to find
a chain of signatures leading from the key in question back to your own.
@end quotation
The idea is that you trust that a key comes from another person based on
which keys have signed that key. In turn, you must also trust some of
these keys, eventually tracing back to a position where you have
personally verified the ownership of a key.
How this translates into OOTD: in order to validate that an ASP is
trustworthy; that is, it has honored its OOTD obligations in the past,
it must have validation from outside parties that it does so; that is,
you must find a chain that certifies that people you trust to validate
only conforming ASPs have also validated this ASP. And in turn, those
users can validate other outside parties as trustworthy validators,
etc., etc., etc.
An alternative would be to trust certificate authorities, whose role
would be to go about webservices, certifying their OOTD records. You
trust the authorities, they validate the ASPs.
I suppose one way to implement this would be to come up with a standard
message, say "DotGNU Owner-of-the-Data compliant", sign it, and have the
validators sign the signature.
The client end of the OOTD can be enforced by scaring the users with
messages about a service maybe stealing your data..."Are You Absolutely
Sure You Want To Continue?" Except in super-guru-expert-debug-testing
mode, which will be named as such in order to discourage curious users. :)
Finally, the GBFM Virtual Identity consists of a GPG key.
However, there are a couple of problems with these alternatives:
1. Web-of-trust model: Rhetorical questions: how many signatures do you
have on your key? or, how large is your web of trust? Presuming that you
have a GnuPG key, as I assume you probably do. Speaking of which, maybe
I should try to work on my key some time....like getting it onto a key
server....
2. Authority model: Who are the authorities in a decentralized model?
And why the hell should we trust them? <rant>Oh yeah, they're authority.
It's For Our Own Good. Down With Piracy!!!..<line-noise /></rant>
Further thoughts to be found in
<http://dotgnu.org/pipermail/developers/2002-November/008668.html>,
which has a better explanation of the direct auth connection in initial
service validation.
This message is marked arch/auth.
--
Stephen Compall
Also known as S11001001
DotGNU `Contributor' -- http://dotgnu.org
I'm trying to change the way people approach knowledge and information
in general. I think that to try to own knowledge, to try to control
whether people are allowed to use it, or to try to stop other people
from sharing it, is sabotage.
-- RMS, Byte interview, 1986
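
Added example, not part of the original message or of any DotGNU code: a sketch of the chain search the web-of-trust proposal above implies, where an ASP is accepted only if a bounded chain of validator endorsements leads from a personally verified key to someone who countersigned the ASP's "DotGNU Owner-of-the-Data compliant" statement. All key names, the `VALIDATOR` label and `find_trust_chain` are hypothetical, the data is constructed, and every tuple is assumed to be a signature already verified cryptographically (for example with GnuPG). The authority model is the same search with the authority as the only root and `max_depth=0`.

```python
from collections import deque

OOTD_STATEMENT = "DotGNU Owner-of-the-Data compliant"  # message proposed in the post
VALIDATOR = "trusted validator"  # hypothetical label: subject validates only conforming ASPs

# Constructed sample data: (signer, subject, what was signed). Each tuple stands
# for a signature ASSUMED to be already verified; no cryptography happens here.
CERTS = [
    ("me", "alice", VALIDATOR),
    ("alice", "bob", VALIDATOR),
    ("bob", "asp-good.example", OOTD_STATEMENT),
    ("bob", "carol", VALIDATOR),
    ("carol", "dave", VALIDATOR),
    ("dave", "asp-far.example", OOTD_STATEMENT),
    # A self-contained cluster: many signatures, but no link to anyone I trust.
    ("mallory", "mallory2", VALIDATOR),
    ("mallory", "asp-shady.example", OOTD_STATEMENT),
    ("mallory2", "asp-shady.example", OOTD_STATEMENT),
    ("authority", "asp-ca.example", OOTD_STATEMENT),
]

def find_trust_chain(asp, roots, certs, max_depth=3):
    """Return the shortest chain [root, ..., validator, asp], or None.

    roots are keys whose ownership was verified personally; max_depth caps the
    number of validator-to-validator hops, since trust weakens with each hop.
    """
    vouches, ootd_signers = {}, set()
    for signer, subject, signed in certs:
        if signed == VALIDATOR:
            vouches.setdefault(signer, []).append(subject)
        elif signed == OOTD_STATEMENT and subject == asp:
            ootd_signers.add(signer)
    queue = deque([root] for root in sorted(roots))
    seen = set(roots)
    while queue:  # breadth-first, so the first hit is the shortest chain
        path = queue.popleft()
        if path[-1] in ootd_signers:
            return path + [asp]
        if len(path) - 1 >= max_depth:
            continue  # hop budget spent: do not follow further endorsements
        for nxt in vouches.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None
```

The count of signatures on an ASP does not matter to the search, only whether one of them is reachable from a root, which is why the two-signature `asp-shady.example` is rejected while the single-signature `asp-good.example` is accepted.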