On 11:09, Sun 12 Dec 10, Michiel de Jong wrote:

> The problem with using web-of-trust for this is that many times you will want
> to give someone your email address and start communicating from scratch,
> without an introducer. Even if a connection exists, it would require search to
> find it, and search is difficult without centralization. Also my list of
> "friend-of-a-friend"s (FOAFs), through which i have a chain-of-trust with you,
> may contain private information about who i hang out with. So the whole
> web-of-trust approach is a hassle, and also privacy-sensitive. The CA-approach
> is out of the question from the start, because it's too centralized. 

this brings to my mind WebID (aka foaf+ssl):
http://esw.w3.org/WebID
http://esw.w3.org/Foaf%2Bssl/FAQ#How_does_this_improve_over_X.509_or_GPG_Certificates.3F

the only trick here is simply to include a pointer to your foaf in the x509 cert.
no central CA required. and it can be bridged to gpg rings via WoT ontology.

regarding privacy exposure in FOAFs, you can apply ACLs based on inference rules
about trust. So you don't have to show the same doc to everybody ;)
http://www.pipian.com/blog/2008/12/12/taac-in-action/

distributed search, yeah, that's the big issue.

with all the hype about resurrecting finger by means of http, some people
thought that, given a grid of personal rdf stores (or even rdf-over-dht),
and even protecting results via foafssl if you want, the goal could be
accomplished by routing this "simple" SPARQL query:

PREFIX : <http://xmlns.com/foaf/0.1/>
# note: FOAF data holds mbox as an IRI (<mailto:...>), not a string literal
SELECT ?profile WHERE { ?person :mbox "mailto:[email protected]" .
        ?profile a :PersonalProfileDocument ;
        :primaryTopic ?person . }

...

this scenario sounds to me quite close conceptually to what you propose.
take webid fingerprint and start communicating (using your cert to
sign/cypher/authenticate).

take guid as entry point, get to the foaf and get pointers to the trust network
(if you are allowed to see them). Or vice versa, you can infer a trust metric
for some node based on the pointers that reach it.

> So what I came up with was to define a "fabric"-approach. We define a
> multi-dimensional space in which all guids represent a fixed position. Your
> coordinates in the fabric are determined not by you, nor by who you interact
> with, but simply by the ASCII bits in your guid string. And then it's simple:
> everybody sign the keys of their neighbours and vice versa to form the fabric.

not sure I understood this properly. every node should sign their "neighbors"
in this metric space?

> Now to know your public key, I just walk from my position in the fabric to
> yours, following the chain of neighbours that are all 'holding hands', and so
> everyone's connected with everyone.

don't get how you traverse a path. choosing the geodesic in this coordinate
system?

> My question is: does my fabric-based approach make any sense? or am i maybe
> trying to solve a non-existing problem? There must be a flaw somewhere that
> prevents other people from doing this already, I just don't see it.

Re. the problem, I think the webID community tries to solve the same problem you see
(although the semweb community has a je-ne-sais-quoi that makes their proposals
get dismissed many times without a second thought).

About the fabric approach, surely I didn't grasp it fully, but if the answer to
the last two questions is yes, I think I see a flaw :P

> Many thanks for your time!
> 
> 
> Kind regards,

hack well,
cal.
-- 
and remember, we do it for your security!
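Added example (not part of the original message and not WebID project code): a sketch of the check a server makes when the client certificate carries a pointer to the owner's FOAF, showing why no CA signature is needed. The names ClientCert, keys_for and verify_webid, the example hosts and the key values are constructed for illustration; the cert:key / cert:modulus / cert:exponent terms are from the W3C cert vocabulary, and the https-only rule is an assumption.

```python
from dataclasses import dataclass

CERT = "http://www.w3.org/ns/auth/cert#"  # W3C cert vocabulary namespace

@dataclass(frozen=True)
class ClientCert:  # fields read from the self-signed TLS client certificate
    san_uris: tuple   # subjectAltName URI entries (the pointer to the FOAF)
    modulus: int
    exponent: int

def keys_for(webid, triples):
    """RSA keys the profile asserts with exactly this WebID as subject."""
    keys = []
    for s, p, o in triples:
        if s == webid and p == CERT + "key":
            props = {p2: o2 for s2, p2, o2 in triples if s2 == o}
            try:
                keys.append((int(props[CERT + "modulus"], 16),
                             int(props[CERT + "exponent"])))
            except (KeyError, ValueError):
                continue  # incomplete or malformed key node: ignore it
    return keys

def verify_webid(cert, fetch_profile):
    """Return the SAN URI whose own profile lists the cert's key, else None."""
    for uri in cert.san_uris:
        if not uri.startswith("https://"):
            continue  # assumption: only profiles fetched over TLS are trusted
        triples = fetch_profile(uri.split("#", 1)[0]) or []
        if (cert.modulus, cert.exponent) in keys_for(uri, triples):
            return uri
    return None

# Constructed sample data: triples as if parsed from each FOAF document.
ALICE = "https://alice.example/profile#me"
MALLORY = "https://mallory.example/profile#me"
PROFILES = {
    "https://alice.example/profile": [
        (ALICE, CERT + "key", "_:k1"),
        ("_:k1", CERT + "modulus", "c0ffee"),
        ("_:k1", CERT + "exponent", "65537"),
    ],
    "https://mallory.example/profile": [  # asserts a key for Alice, not itself
        (ALICE, CERT + "key", "_:k2"),
        ("_:k2", CERT + "modulus", "badbad"),
        ("_:k2", CERT + "exponent", "65537"),
    ],
}
```

Calling verify_webid(cert, PROFILES.get) accepts a certificate only when the document at its own SAN URI lists that key for that same URI, so trust rests on control of the profile URL rather than on an issuer.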