[rdfweb-dev] pgp signing

Jim Ley jim at j...
Fri Dec 20 13:48:21 UTC 2002


"Bill Kearney" <wkearney99 at h...>
> > I don't want to do this, I don't want people to know my public key,
> > they might use it for something, the only reason I have a public key
> > is for signing RDF, I don't want _people_ to know my key, just the
> > robots.
>
> Err, isn't this what a public key is for? Is there some risk with the
> key being known?

The risk in it being available at the triple level is that someone who
uses the foaf universe as an address book (which is something I do) could
conclude that sending me an email signed to the public key would be
welcome. It's not; I would not read such an email, and because of that I
want to put barriers between users and my public key.

> And how is a robot going to "knit together" the link from your document
> to your key unless they can find it to begin with?

Pointing to a location of the key inside the document we're signing
strikes me as a rather odd sort of security. We can't trust the document
until we've checked the signature, but we can only check the document by
trusting the contents. That doesn't work. The key discovery has to be
separate to the document.

> Doing lookups of your e-mail
> against the keyservers would work, I suppose, but it adds a layer of
> complexity. Your foaf contains an mbox_sha1 that has to be resolved
> "locally" to the real mbox.

The keyservers are searched with the ID of the key, not by searching for
people. I do wot:assurance checking, and have no problems with
validating without doing any searching for people (although it doesn't
work when running under the webserver's account).


> But for the fragment of RDF that /defines you/ it seems like a
> shorter process to just include the public key.

I'm not, and never will be _defined by_ RDF, an RDF doc is just a
collection of statements.

> The worst thing people could do with your public key is sign something
> TO you.

Exactly what I'm trying to avoid.

> > I also don't see what's gained by having the information of the
> > creator of the doc in terms of how trusted the document is, the key
> > identifies a person, is that not sufficient?
>
> If there's not a way to determine what an individual claims then how
> will it be possible to avoid hijacking someone else's triples?

You signed it, don't sign something you don't agree with.

Jim.
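
Added example, not part of the original message or of any FOAF tooling: it contrasts a verifier that takes the key from a pointer inside the signed document with one that looks the key up by the ID on the signature in a separately filled keyring. A Lamport one-time signature stands in for PGP so the code needs only the standard library; the document layout, the `key_url` field, the URLs and all function names are assumptions made for illustration.

```python
import hashlib, secrets

def H(b): return hashlib.sha256(b).digest()

# Lamport one-time signature: stdlib-only stand-in for a PGP key pair.
def keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, [[H(a), H(b)] for a, b in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (b, s) in enumerate(zip(bits(msg), sig)))

def key_id(pk):  # short fingerprint of the public key
    return H(b"".join(h for pair in pk for h in pair)).hex()[:16]

def serialise(doc):
    return repr(sorted(doc.items())).encode()

def make_signed(sk, pk, doc):  # returns (document, detached signature)
    return doc, {"key_id": key_id(pk), "sig": sign(sk, serialise(doc))}

def check_via_document_pointer(doc, sig, web):
    # Circular: the key is chosen by content that is not yet authenticated.
    pk = web.get(doc["key_url"])
    return pk is not None and verify(pk, serialise(doc), sig["sig"])

def check_via_keyring(doc, sig, keyring):
    # Key is found by the ID on the signature, in a keyring filled separately.
    pk = keyring.get(sig["key_id"])
    return pk is not None and verify(pk, serialise(doc), sig["sig"])

def demo():
    (a_sk, a_pk), (x_sk, x_pk) = keygen(), keygen()
    # Constructed sample data: URLs and documents are made up.
    a_url, x_url = "https://example.org/author.key", "https://example.net/other.key"
    web = {a_url: a_pk, x_url: x_pk}
    keyring = {key_id(a_pk): a_pk}  # obtained separately from any document
    real = make_signed(a_sk, a_pk, {"name": "author", "key_url": a_url})
    fake = make_signed(x_sk, x_pk, {"name": "author", "key_url": x_url})
    return {"pointer": (check_via_document_pointer(*real, web),
                        check_via_document_pointer(*fake, web)),
            "keyring": (check_via_keyring(*real, keyring),
                        check_via_keyring(*fake, keyring))}
```

`demo()` returns a pair of results (genuine document, substituted document) for each verifier: the pointer-based check accepts both, the keyring-based check accepts only the genuine one.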