
Re: [decentralization] Tagging WWW data to build decentralized systems

  • Robin Upton
    Message 1 of 8 , Jun 23, 2010
      On 06/24/2010 01:35 AM, Lucas Gonze wrote:
      > Neat idea.
      >
      > "The Links by Owners Of Keys (LOOK) standard is an alternative to
      > signing of online data. Instead it associates cryptographic keys with
      > URIs, alerting the reader that the data may be augmented, say by a
      > conventionally signed copy, by data published elsewhere. WWW has a lot
      > of data, but was conceived around a DNS-centric security model. This
      > standard is intended to bridge the cryptographic gap between WWW and
      > future systems which have a more direct, data-centric cryptographic
      > model. LOOK tackles the question of how users of WWW can adopt new
      > systems without either discarding their data on WWW or requiring work
      > from webmasters to implement new cryptographic systems."
      >
      > "A LOOK provides no evidence that the holder of a specific
      > cryptographic key created a particular document, merely that the
      > holder of a cryptographic key wished to associate it with a particular
      > URI, and that they could publish it online at that URI."
      >
      > "Inference about authorship from existing WWW content should not be
      > regarded as secure, since any party which can upload data to that URI
      > can insert a valid LOOK. LOOKs are designed for use by holders of
      > cryptographic keys who are already trusted, and whose cryptographic
      > identity is previously established in an alternate publishing system.
      > It allows them to assert their ownership of multiple accounts,
      > providing a mechanism for browsing software to make inference about
      > the ownership of WWW pages, which they can present to users."
      >
      > Could I use this on Twitter, Facebook, Myspace, and my personal home
      > pages to assert a unified identity across all of them? Is it an
      > active handshake or a passive/static piece of data?
      >
      It's a static piece of data - you just sign the URL and post it there.

      Robin
    • Lucas Gonze
      Message 2 of 8 , Jun 23, 2010
        > On 06/24/2010 01:35 AM, Lucas Gonze wrote:
        >> Could I use this on Twitter, Facebook, Myspace, and my personal home
        >> pages to assert a unified identity across all of them?  Is it an
        >> active handshake or a passive/static piece of data?

        On Wed, Jun 23, 2010 at 9:57 AM, Robin Upton <lists2008@...> wrote:
        > It's a static piece of data - you just sign the URL and post it there.

        How would I use this on Twitter? Can you give an example?
      • Robin Upton
        Message 3 of 8 , Jun 23, 2010
          > How would I use this on Twitter? Can you give an example?
          I've never used Twitter, so I may be wrong, but I think that their URLs
          are of the form http://twitter.com/USERNAME containing a bunch of recent
          tweets and a bio. Better than tweeting it would be to just post it on
          the bio, since otherwise it would drop off your page. To link your
          public XYZ Key to http://twitter.com/gonze, you could create a LOOK as
          follows:

          [LOOK uri="http://twitter.com/gonze" key="XYZ Key" value="[signed
          http://twitter.com/gonze]"]

          and post it in the bio section. If you can only post text, you'd have to
          just post text and suffer an ugly looking bio, but if they allow you to
          post hyperlinks there, then you could tuck this crypto stuff out of the
          reader's eye by having it as the href of a hyperlink. (Ideally, without
          any anchortext - it could still be detected by software, which could
          alert the user that someone with XYZ key wanted it associated with that
          page).

          Robin
        • Lucas Gonze
          Message 4 of 8 , Jun 23, 2010
            But one thing you could do is tweet it, and that would work until the
            tweet was flushed out of the update stream?

            > [LOOK uri="http://twitter.com/gonze" key="XYZ Key" value="[signed
            > http://twitter.com/gonze]"]

            What if the owner of the encryption key signed that URI for some other
            reason? It seems like merely signing the URI only indicates a LOOK
            assertion when everybody who signs anything buys into the LOOK
            protocol.


            On Wed, Jun 23, 2010 at 11:16 AM, Robin Upton <lists2008@...> wrote:
            >> How would I use this on Twitter? Can you give an example?
            > I've never used Twitter, so I may be wrong, but I think that their URLs
            > are of the form http://twitter.com/USERNAME containing a bunch of recent
            > tweets and a bio. Better than tweeting it would be to just post it on
            > the bio, since otherwise it would drop off your page. To link your
            > public XYZ Key to http://twitter.com/gonze, you could create a LOOK as
            > follows:
            >
            > [LOOK uri="http://twitter.com/gonze" key="XYZ Key" value="[signed
            > http://twitter.com/gonze]"]
            >
            > and post it in the bio section. If you can only post text, you'd have to
            > just post text and suffer an ugly looking bio, but if they allow you to
            > post hyperlinks there, then you could tuck this crypto stuff out of the
            > reader's eye by having it as the href of a hyperlink. (Ideally, without
            > any anchortext - it could still be detected by software, which could
            > alert the user that someone with XYZ key wanted it associated with that
            > page).
            >
            > Robin
          • Robin Upton
            Message 5 of 8 , Jun 23, 2010
              On 06/24/2010 03:36 AM, Lucas Gonze wrote:
              > But one thing you could do is tweet it, and that would work until the
              > tweet was flushed out of the update stream?
              >
              Yes
              > What if the owner of the encryption key signed that URI for some other
              > reason? It seems like merely signing the URI only indicates a LOOK
              > assertion when everybody who signs anything buys into the LOOK
              > protocol.
              >
              This is a very good point, Lucas. How about the following modification?
              Combine another URI (just to work as an identifier) with the URI:

              LOOK uri="http://twitter.com/gonze" meaning="http://f2f.name/LOOK/owner" key="XYZ Key"
              value="[signed "meaning=http://f2f.name/LOOK/owner uri=http://twitter.com/gonze]"]

              This complicates it somewhat, but
              i) Removes the possibility that keyholders had signed that for some
              other purpose,
              ii) Allows keyholders to add their own meanings.
              i.e. I could have a "Vote on this" page, inviting people to submit a
              LOOK in a textarea,
              either http://mysite.com/yeah or http://mysite.com/nay etc.

              Robin
            • Robin Upton
              Message 6 of 8 , Jun 23, 2010
                On 06/24/2010 03:36 AM, Lucas Gonze wrote:
                > But one thing you could do is tweet it, and that would work until the
                > tweet was flushed out of the update stream?
                >
                Yes
                >> [LOOK uri="http://twitter.com/gonze" key="XYZ Key" value="[signed
                >> http://twitter.com/gonze]"]
                >>
                > What if the owner of the encryption key signed that URI for some other
                > reason? It seems like merely signing the URI only indicates a LOOK
                > assertion when everybody who signs anything buys into the LOOK
                > protocol.
                >
                Very good point.
                How about this modification. Add a URI to the mix, e.g.
                > [LOOK meaning="http://f2f.name/LOOK/owner" uri="http://twitter.com/gonze" key="XYZ Key" value="[signed
                > (meaning="http://f2f.name/LOOK/owner" uri="http://twitter.com/gonze") ]"]
                >
                Although adding complexity, it would:
                1) Stop cut-and-paste creation of other people's LOOKs,
                2) Allow people a URI to express what they mean
                So publishing a vote, people could submit

                [LOOK meaning="http://yoursite.com/etc/YEAH" uri="http://yousite.com/etc/votepage.html" ]
                [LOOK meaning="http://yoursite.com/etc/NAY" uri="http://yousite.com/etc/votepage.html" ]

                Robin
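
The modification proposed in messages 5 and 6, where the signature covers the meaning URI together with the page URI, sketched as an added example that is not code from the thread or from the LOOK standard. Ed25519 keys, base64 encoding, the canonical `meaning=... uri=...` string and all function names are assumptions of this sketch.

```javascript
const { generateKeyPairSync, sign, verify } = require("node:crypto");

const OWNER = "http://f2f.name/LOOK/owner"; // meaning URI used in the thread

// Assumed canonical form of the signed text: meaning first, then uri.
const payload = (meaning, uri) => Buffer.from(`meaning=${meaning} uri=${uri}`);

// Build a LOOK tag; Ed25519 and base64 are assumptions of this example.
function makeLook(privateKey, keyName, meaning, uri) {
  const value = sign(null, payload(meaning, uri), privateKey).toString("base64");
  return `[LOOK meaning="${meaning}" uri="${uri}" key="${keyName}" value="${value}"]`;
}

// Extract the attribute pairs of every [LOOK ...] tag found in page text.
function parseLooks(text) {
  return [...text.matchAll(/\[LOOK\s+([^\]]*)\]/g)].map((tag) =>
    Object.fromEntries([...tag[1].matchAll(/(\w+)="([^"]*)"/g)].map((a) => [a[1], a[2]])));
}

// Return the meaning a LOOK asserts for pageUri, or null if it does not hold.
function checkLook(look, pageUri, knownKeys) {
  const publicKey = knownKeys.get(look.key);
  if (!publicKey || !look.meaning || !look.value) return null;
  if (look.uri !== pageUri) return null; // tag names a different page
  const ok = verify(null, payload(look.meaning, look.uri), publicKey,
    Buffer.from(look.value, "base64"));
  return ok ? look.meaning : null;
}

function demo() {
  const { publicKey, privateKey } = generateKeyPairSync("ed25519");
  const keys = new Map([["XYZ Key", publicKey]]); // keys the reader already trusts
  const page = "http://twitter.com/gonze";
  const good = makeLook(privateKey, "XYZ Key", OWNER, page);
  // A signature over the bare URI, made for some unrelated reason:
  const bare = sign(null, Buffer.from(page), privateKey).toString("base64");
  const reused = `[LOOK meaning="${OWNER}" uri="${page}" key="XYZ Key" value="${bare}"]`;
  // The valid tag with its meaning attribute changed after signing:
  const edited = good.replace(OWNER, "http://yoursite.com/etc/NAY");
  const run = (text, uri) => parseLooks(text).map((l) => checkLook(l, uri, keys));
  return {
    good: run(`bio text ${good} more text`, page),
    reused: run(reused, page),
    edited: run(edited, page),
    copied: run(good, "http://twitter.com/USERNAME"),
  };
}

console.log(demo());
```

Only the `good` case yields the owner meaning; a bare-URI signature wrapped in a LOOK, a tag whose meaning was changed after signing, and a tag found on a page other than the one it names all come back `null`.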