[Freedombox-discuss] FOAF developers taking FreedomBox into their equation

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Mar 11 04:38:34 UTC 2011


On 03/10/2011 08:44 PM, Jonas Smedegaard wrote:
> If e.g. Verisign is untrusted, then remove Verisign root certificates
> from your system and any website using that CA will no longer be
> trusted.  This should be true also for WebID.

The problem with this approach is a nasty social problem, rooted in the
single-issuer specification of X.509 certificates:

 http://lair.fifthhorseman.net/~dkg/tls-centralization/

In short: there is a system of perverse incentives that force people to
keep "trusting" the untrustworthy middlemen.  We need to change that.

> Might be that the user runs IE8 with horrible settings, but the
> FreedomBox wanting to verify a claimed WebID does not, so that should
> not matter to us, I believe.

You're missing the step of what I called the "backhaul link" earlier.
If the fb is verifying a claimed webid by visiting its stored URI, then
it needs to verify that its pubkey matches the pubkey served by that
URI.  But to verify that it is legitimately reaching the URI, the FB
needs to validate the certificate of the web server hosting the FOAF
file.  This leads to either:

 (a) infinite recursion, in the case where the web server's cert itself
contains a WebID-style URI, or

 (b) some other certificate verification method, which Henry Story
points out is the standard X.509 cartel today, and may move to
DANE-style DNSSEC-backed key publication.  I don't think either of these
methods is acceptable, so that leaves us with:

 (c) sort out a better, decentralized certificate verification method.
But if we're going to do that, then we've begged the question.  We might
as well use this hypothetical better certificate verification method
directly on the client-side certs in the first place.


I'm sorry I'm not offering a specific solution right now.  I would be
happy if someone else came up with one, or if I got the time to work on
the approaches that I think are promising.

	--dkg
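The "backhaul link" problem described in this message, as an added toy model that is not code from the thread or from FreedomBox: a verifier that dereferences a WebID URI must first validate the certificate of the host serving the FOAF file; when that certificate itself carries a WebID-style URI the check recurses (case (a)), and a host whose certificate carries none falls through to a stand-in anchor check that represents method (b) or (c). All hosts, keys and URIs below are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set
from urllib.parse import urlparse

@dataclass(frozen=True)
class Cert:
    subject: str
    pubkey: str                  # constructed stand-in for a key fingerprint
    webid: Optional[str] = None  # WebID-style URI in subjectAltName, if present

@dataclass
class Host:
    cert: Cert                     # certificate the TLS server presents
    profiles: Dict[str, Set[str]]  # profile URI -> public keys the FOAF file lists

def verify_webid(cert: Cert, hosts: Dict[str, Host],
                 anchor_ok: Callable[[Cert], bool],
                 seen: frozenset = frozenset()) -> str:
    """Return 'ok', 'mismatch', 'recursion', 'untrusted' or 'unreachable'."""
    if cert.webid is None:
        # No URI to dereference: only the non-WebID method (b)/(c) can decide.
        return "ok" if anchor_ok(cert) else "untrusted"
    if cert.webid in seen:
        return "recursion"       # case (a): the backhaul checks loop back on themselves
    host = hosts.get(urlparse(cert.webid).hostname or "")
    if host is None:
        return "unreachable"
    # Backhaul link: validate the server's cert before believing what it serves.
    server_status = verify_webid(host.cert, hosts, anchor_ok, seen | {cert.webid})
    if server_status != "ok":
        return server_status
    return "ok" if cert.pubkey in host.profiles.get(cert.webid, set()) else "mismatch"

# Constructed sample data: alice.example serves its own profile with a server cert
# that itself carries a WebID URI; bob.example has a conventionally anchored cert.
ALICE_URI = "https://alice.example/me#i"
BOB_URI = "https://bob.example/me#i"
HOSTS = {
    "alice.example": Host(Cert("alice.example", "srv-key", "https://alice.example/srv#i"),
                          {ALICE_URI: {"alice-key"}, "https://alice.example/srv#i": {"srv-key"}}),
    "bob.example": Host(Cert("bob.example", "bob-srv-key"), {BOB_URI: {"bob-key"}}),
}
TRUSTED_ANCHORS = {"bob.example"}   # stand-in for whatever method (b) or (c) vouches for

def ca_anchor_ok(cert: Cert) -> bool:
    return cert.subject in TRUSTED_ANCHORS

ALICE = Cert("alice", "alice-key", ALICE_URI)
BOB = Cert("bob", "bob-key", BOB_URI)
MALLORY = Cert("mallory", "mallory-key", BOB_URI)   # claims Bob's WebID with her own key
RESULTS = {c.subject: verify_webid(c, HOSTS, ca_anchor_ok) for c in (ALICE, BOB, MALLORY)}
```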


