Hi Everybody, First of all a hat tip to dkg for an excellent presentation. You made crypto so interesting to me, a user, that I jumped on to Wikipedia to find out more. Needless to say I have a few questions about crypto, but hopefully in asking these questions you will see the stumbling blocks in the UI for a user. I have also come up with my own UI proposal which is probably useless, but hopefully in doing so it will generate some proper UI solutions. I have read about OpenPGP, Web of Trust, Key-signing parties including how-to, Monkeysphere and WebID. There were two Ahh moments for me in the presentation. Keys are needed to encrypt everything (doh!) so keys cannot be avoided and much be built-in to the FBX UI. Secondly, if you add a new service (email server) you can generate a new subkey which is used as a password for the email server - cool I don't have to worry about passwords - leaving you with one "master key" for everything. Here are my questions. 1) Do certs/keys have to contain personable identifiable information? Could the certs contain pseudonyms to protect people's privacy which is a goal of the FBX? 2) The WebID solution is to generate an "unsigned" cert which points back to your public key on your "username web page", i.e. your username page is acting like a key server. So, if I have the private key (in my cert) for the public key held on a username page, then I control the username on that web page, thus confirming I am the owner of that identity/key/cert. Why are keys held on centralised public key servers when the WebID model seems more secure? 3) Personally, I prefer the Monkeysphere/OpenPGP Web Of Trust model to the browser controlled Certificate Authority (CA is required for servers) model. I like that you can give your key to somebody to sign/confirm your identity although I question the value of getting "Bob from the key signing party" or your friends to sign your key. Having your friends sign your keys raise privacy concerns even if they are allowed to use pseudonyms. I would prefer to have my key signed by the traditional real-world identity providers i.e. government agencies which would remove any privacy concerns about your friends using the WOT model and offer a lot more credibility than "Fred's CA". Then I thought why aren't governments filling this traditional role and this made me think that although it's required in the real world maybe there is no *current* need for it in the online world. So, do we really need a WOT/ CA model for clients? The paranoid side of me wonders can you track someone if you have signed their key like openid providers can track you? So, obviously you can see my train of thought. When you create a username you automatically generate a key and on the http://username.mydomain.tld/about_me page you hide/store your public key. Following the WebID model, the link back to your username page always confirms you as the owner of the identity. Of course there is no trust built into this model because the key is only "self-signed" and not signed by a third party, but I would argue that it's not currently required in the online world otherwise there would have to be a WOT attached to your email address. If/when it's required in the future, I think keys should be signed by government agencies as long as they can't track you through signing your key!! My proposed solution is based on the WebID model and does not address the whole key management lifecycle and I am not sure if WebID addresses the whole key management lifecycle. I look forward to your answers and all opinions are gratefully received. -- fiftyfour
_______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
