Hi,
On Aug 29, 2008, at 11:12 AM, Dirk Meyer wrote:
Pedro Melo wrote:
On Aug 26, 2008, at 2:41 PM, Dirk Meyer wrote:
in case you do not read Slashdot or follow Usenix publications, here
is an interessting link:
http://www.cs.cmu.edu/~perspectives/perspectives_usenix08.pdf
The question is: who is the Notary Server in our case. It can not be
the XMPP server because the XMPP is one of the view points an
attacker
could be.
I read it and my first though was: what is the advantage of a notary
to a web of trust?
IMHO it is more like the Byzantine Fault Tolerance. You do not have to
trust the notary server, you just assume that maybe one or two may be
lying, but not all of them.
When I want to open a secure connection to you I could ask five notary
servers around the globe (e.g. different XMPP server in a different
domain). If four out of five report the same fingerprint for you I
could trust it. If they also report that the fingerprint is the same
for half a year now, I can be sure it is yours. Ok, it is not 100%
correct, but an attacker must manipulate many different server to fake
your key and an attacker can not know which notary servers I will
ask.
Well, I have this thing called a roster, and some of them I already
have certified as being the person I expect them to be. And for some
of those, I actually trust their judgement. So why not asking them if
they know this person? And if yes, what's the signature they know them
by?
I'm not saying that the Perspectives proposal is bad, not at al. I
think its a great way to bootstrap and if it goes forward, something
we could try and use. But this is XMPP-la-la-land, and maybe we can
leverage our strengths (aka, the roster) to have something better.
Best regards,
--
Pedro Melo
Blog: http://www.simplicidade.org/notes/
XMPP ID: [EMAIL PROTECTED]
Use XMPP!
