>>>>> On Wed, 19 Jul 2006 18:09:08 +0200, "A. Pagaltzis" <[EMAIL PROTECTED]> 
>>>>> said:

 >> Maybe we need a perlish kind of building it. It's not perlish
 >> to show each other a passport and make sure that the image
 >> there matches the face.

  > hmm, I don’t know how else you’d do it; at least for high
  > confidence, you really have to be absolutely sure that you’re
  > signing the key of the person who is who they’re claiming to be,
  > and there isn’t much opportunity to be completely certain in
  > online interactions.

  > 1. If you ask CPAN contributors to supply their PK *at signup
  >    time* (but no later!), you can be certain that the key belongs
  >    to the person who signed up – whoever that is. (Keys uploaded
  >    later do not confer the same trust, because that key might
  >    belong to the person who signed up, or it might belong to an
  >    impostor who stole their credentials – you can’t know.)

  >    These could be signed with an extra CPAN key that confers more
  >    trust.

  > 2. The best opportunity for strong trust is probably the fact
  >    that a lot of the really active Perl hackers run into each
  >    other face-to-face quite a bit; e.g. the London.pm’ers should
  >    have absolutely no trouble exchanging keys face-to-face, but
  >    the same is true of many Perlmongers groups. Likewise, many of
  >    the core contributors of Perl attend the pertinent conferences
  >    (YAPC, OSCON et al).

  >    And of course the meaning of “web of trust” is that once
  >    direct trust relationships have been established in local
  >    groups where they are easily feasible, then every time someone
  >    travels around or goes to a conference and exchanges keys, you
  >    get “six degrees of separation” style trust chains.

  >    If we decided to make a big awareness push, we’d probably get
  >    the prolific CPAN contributors covered well very quickly, and
  >    then it’s a matter of continual evangelism to keep the web
  >    expanding.

  > It is easy to implement #1 immediately, but coverage will take a
  > very long time to go up with that method because it will only
  > apply to new authors.

Besides, private digital keys can expire or be revoked, both of which
are important parts of the life cycle that CPAN must pay attention to.
I would hate to tell people that they need a new CPAN account when
their private key expires or is revoked, or that everybody needs a new
CPAN account because they didn't supply a digital key at signup.

Then there are pseudonyms like TELS or ERYQ or ABIGAIL. While they do
have a civic name, not many know it or care about it, and neither does
CPAN.

Then there is my favorite security builder: security by visibility. By
sending emails to authors for every important transaction, we give
them the chance to shout when suspicious things happen and make it
harder for intruders to impersonate somebody else.

Another helping fact might be that when you use a digital signature
often in public conversation or for your uploads, you leave a trace, a
fingerprint of your personality associated with the signature. It's
hard for me to imagine how this effect can be harvested by programming
interfaces, but see, I read your words in this thread and others and
that's how my trust in your name emerges. Were your postings signed, I
would be ready to sign your signature after a while of ongoing
conversation *without* seeing your passport.

  > In contrast, coverage should expand pretty quickly with #2, but
  > it will take a lot of community cooperation and lots of
  > evangelism to implement.

When we come up with a process that works similarly to #2 but only for
the trust we have in an email address, then we could get even better
and faster spread.

-- 
andreas

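As an added illustration of two points made in this message (trust chains built from individually exchanged signatures, and expired or revoked keys breaking every chain that runs through them), here is a small web-of-trust path search. This is example code written for this page, not code from the thread, from CPAN or from PAUSE; all key owners, expiry dates and signature edges are constructed, and the "CPAN" key countersigning a signup-time key is an assumption modelled after proposal #1 above.

```python
"""Toy web-of-trust search honouring key expiry and revocation.

Constructed example: keys are labelled by owner, and a signature is an
edge (signer, signee) meaning "signer certified signee's key".  A key
confers trust only while it is neither expired nor revoked, and a
trust chain is bounded in length (the "six degrees" idea).
"""
from collections import deque
from datetime import date


class Key:
    """A public key with the two lifecycle states the thread mentions."""

    def __init__(self, owner, expires=None, revoked=False):
        self.owner = owner
        self.expires = expires      # a date, or None for "never expires"
        self.revoked = revoked

    def is_valid(self, today):
        """True if the key may still convey trust on the given day."""
        if self.revoked:
            return False
        if self.expires is not None and today > self.expires:
            return False
        return True


def find_trust_path(keys, signatures, start, target, today, max_hops=6):
    """Return the shortest chain of owners from start to target, or None.

    keys:       dict owner -> Key
    signatures: iterable of (signer, signee) pairs
    Only keys valid on `today` may appear anywhere on the path, so a
    revoked or expired key in the middle of a chain breaks that chain;
    this is why CPAN would have to track the lifecycle, not just signup.
    """
    if not keys[start].is_valid(today) or not keys[target].is_valid(today):
        return None
    adjacency = {}
    for signer, signee in signatures:
        adjacency.setdefault(signer, []).append(signee)

    queue = deque([(start, [start])])   # breadth-first: shortest path first
    seen = {start}
    while queue:
        node, path = queue.popleft()
        if node == target:
            return path
        if len(path) - 1 >= max_hops:   # hop budget exhausted on this branch
            continue
        for nxt in adjacency.get(node, []):
            if nxt in seen or not keys[nxt].is_valid(today):
                continue
            seen.add(nxt)
            queue.append((nxt, path + [nxt]))
    return None


# Constructed sample data (hypothetical owners, dates and signatures).
TODAY = date(2006, 7, 19)
BEFORE_CAROL_EXPIRED = date(2005, 12, 1)

KEYS = {
    "CPAN":  Key("CPAN"),                                 # assumed signup-signing key
    "ALICE": Key("ALICE", expires=date(2008, 1, 1)),
    "BOB":   Key("BOB"),
    "CAROL": Key("CAROL", expires=date(2006, 1, 1)),      # expired before TODAY
    "DAVE":  Key("DAVE"),
    "EVE":   Key("EVE", revoked=True),                    # revoked
    "FRANK": Key("FRANK"),
}

SIGNATURES = {
    ("CPAN", "ALICE"),    # key supplied at signup, countersigned by the CPAN key
    ("ALICE", "BOB"),     # exchanged face-to-face at a local Perlmongers meeting
    ("BOB", "CAROL"),
    ("CAROL", "DAVE"),
    ("BOB", "EVE"),
    ("EVE", "FRANK"),
    ("DAVE", "FRANK"),
}


def path_to_bob():
    return find_trust_path(KEYS, SIGNATURES, "CPAN", "BOB", TODAY)


def path_to_frank_today():
    # Both routes to FRANK pass through an expired (CAROL) or revoked (EVE) key.
    return find_trust_path(KEYS, SIGNATURES, "CPAN", "FRANK", TODAY)


def path_to_frank_before_expiry(max_hops=6):
    # Before CAROL's key expired the chain via CAROL and DAVE existed (5 hops).
    return find_trust_path(KEYS, SIGNATURES, "CPAN", "FRANK",
                           BEFORE_CAROL_EXPIRED, max_hops=max_hops)


if __name__ == "__main__":
    print("CPAN -> BOB today:", path_to_bob())
    print("CPAN -> FRANK today:", path_to_frank_today())
    print("CPAN -> FRANK before expiry:", path_to_frank_before_expiry())
    print("CPAN -> FRANK before expiry, 4 hops:", path_to_frank_before_expiry(4))
```

The same search with a different `today` shows the lifecycle problem concretely: a chain that was valid when the keys were exchanged stops being valid the moment one key in the middle expires or is revoked, without anyone re-uploading anything to CPAN.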