Trust metrics for WeVouchFor

  • Martijn Meijering
    Message 1 of 5, May 31, 2008
      A number of people have suggested that WeVouchFor would be more useful
      if it had some way to measure or constrain how much weight an
      individual certification carries. Laurent has mentioned trust metrics,
      but hasn't said much about what that means.

      Advogato and OpenPGP already use trust metrics and we can probably
      learn a lot from that, so I have been reading up on both. This is what
      I have found.

      Advogato is very similar in aim to WeVouchFor. Its purpose is to help
      open source projects find good team members. It ranks developers using
      three ranks: apprentice, journeyer, and master.

      OpenPGP is a standard for verification systems for public keys used in
      public key cryptography. OpenPGP helps determine whether a published
      public key really belongs to its alleged owner. It is the sort of thing
      that helps us distinguish the allegedly largely real Ron Jeffries from
      the evidently mostly mythical Jason Armaties for example.

      One thing they have in common is that they involve some kind of trust.
      In the case of Advogato it is trust in the abilities of a developer,
      in the case of OpenPGP it is trust in the identity of the owner of a
      public key.

      Another thing they have in common is that they rely on a web of trust,
      based on certifications of individuals by individuals, instead of
      certifications by a central authority.

      So how do they make sure the individual certifications have any meaning?

      Advogato has a very simple solution: it designates a hardwired group
      of four user accounts as seeds for the trust metric. So while the four
      seeds are not the only ones who can certify others, it does mean that
      all authority ultimately derives from those four users. So it is not
      completely peer to peer after all.

      OpenPGP is more flexible because it allows users to specify their own
      seeds. You can even specify how much redundancy you want before you
      trust an indirectly certified key.

      links:

      http://en.wikipedia.org/wiki/Web_of_trust
      http://www.advogato.org
      http://www.openpgp.org/
      http://www.gnupg.org/
    • Steven Gordon
      Message 2 of 5, May 31, 2008
        On Sat, May 31, 2008 at 4:48 AM, Martijn Meijering <martijn@...> wrote:
        > Advogato has a very simple solution: it designates a hardwired group
        > of four user accounts as seeds for the trust metric. So while the four
        > seeds are not the only ones who can certify others, it does mean that
        > all authority ultimately derives from those four users. So it is not
        > completely peer to peer after all.
        >
        > OpenPGP is more flexible because it allows users to specify their own
        > seeds. You can even specify how much redundancy you want before you
        > trust an indirectly certified key.

        This helps, but is not quite enough. Just because I might choose to
        trust Ron Jeffries' certifications does not necessarily mean I trust
        the certifications of all the people Ron certifies. After all, he
        could be certifying their skills at TDD or XP or whatever, not
        necessarily their integrity at giving out certifications.

        It might help to add a special type of certification where people
        certify that an individual gives meaningful certifications. Then the
        forest of certifications I would be trusting would be the tree of
        certifications from each of my chosen seeds where:
        - internal nodes can only be linked via this special kind of
        certification, to any depth I choose, but
        - leaf nodes could be linked via any kind of certification.

        Steve
      • Martijn Meijering
        Message 3 of 5, May 31, 2008
          > This helps, but is not quite enough. Just because I might choose to
          > trust Ron Jeffries' certifications does not necessarily mean I trust
          > the certifications of all the people Ron certifies. After all, he
          > could be certifying their skills at TDD or XP or whatever, not
          > necessarily their integrity at giving out certifications.

          I believe there is something like this in OpenPGP (ownertrust), but I
          don't know enough about it yet. Advogato too indirectly does a bit of
          this, because nodes that have shorter routes to the seeds contribute
          more to the trust level.

          > It might help to add a special type of certification where people
          > certify that an individual gives meaningful certifications. Then the
          > forest of certifications I would be trusting would be the tree of
          > certifications from each of my chosen seeds where:
          > - internal nodes can only be linked via this special kind of
          > certification, to any depth I choose, but
          > - leaf nodes could be linked via any kind of certification.

          Your suggestion sounds interesting, but I'm not sure what you have in
          mind precisely. Can you say more about the criterion for internal nodes?

          As an aside: the trust relation is not really a forest. In general,
          more than one person will certify the same person, so nodes do not
          have (unique) parents. There can easily be cycles.
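The OpenPGP model that message 1 describes (you choose your own seeds and how much redundancy you need before trusting an indirectly certified key) and the ownertrust that message 3 mentions can be shown in a few lines. The code below is an added example, not code from the thread, from WeVouchFor or from GnuPG; it is a simplified GnuPG-style validity computation. The web of trust (names, signatures, ownertrust values) is constructed for illustration. The three parameters are the redundancy knobs: `completes_needed` and `marginals_needed` say how many fully or marginally trusted signers must vouch for a key, and `max_cert_depth` bounds how far from your seeds trust may travel. Advogato's hardwired seeds correspond to fixing the `ultimate` entries for everyone; here each user sets them.

```python
from collections import defaultdict

# Constructed sample web of trust (example data, not from the original thread).
# A signature (signer, signee) means signer certifies that signee's public key
# really belongs to signee.
SIGS = [
    ("alice", "bob"), ("alice", "carol"), ("alice", "dan"), ("alice", "erin"),
    ("bob", "frank"),
    ("carol", "gina"), ("dan", "gina"), ("erin", "gina"),
    ("carol", "hank"),
    ("frank", "ivan"),
]

# Ownertrust is the user's own, unpublished judgement of how well each person
# checks identities before signing. "ultimate" marks the user's chosen seeds.
OWNERTRUST = {
    "alice": "ultimate",
    "bob": "full",
    "carol": "marginal", "dan": "marginal", "erin": "marginal",
    "frank": "never",
}


def key_validity(sigs, ownertrust, marginals_needed=3, completes_needed=1,
                 max_cert_depth=5):
    """Return {key: validity}, validity in {"ultimate", "full", "marginal", "unknown"}.

    Simplified GnuPG-style rule: a key is fully valid if it carries at least
    completes_needed signatures from fully valid keys whose owners have full
    (or ultimate) ownertrust, or at least marginals_needed signatures from
    fully valid keys whose owners have marginal ownertrust. Signatures by keys
    that are not (yet) valid, or whose owners have no ownertrust, count for
    nothing, however many there are. The defaults mirror GnuPG's defaults.
    """
    signers_of = defaultdict(set)
    keys = set(ownertrust)
    for signer, signee in sigs:
        signers_of[signee].add(signer)
        keys.update((signer, signee))

    validity = {k: "unknown" for k in keys}
    for k, trust in ownertrust.items():
        if trust == "ultimate":
            validity[k] = "ultimate"

    # Each round extends the web by one certification step from the seeds,
    # so max_cert_depth bounds how far trust may propagate.
    for _ in range(max_cert_depth):
        prev = dict(validity)
        for key in keys:
            if prev[key] in ("ultimate", "full"):
                continue
            counted = [s for s in signers_of[key] if prev[s] in ("ultimate", "full")]
            fulls = sum(1 for s in counted if ownertrust.get(s) in ("ultimate", "full"))
            margs = sum(1 for s in counted if ownertrust.get(s) == "marginal")
            if fulls >= completes_needed or margs >= marginals_needed:
                validity[key] = "full"
            elif fulls + margs > 0:
                validity[key] = "marginal"
        if validity == prev:
            break
    return validity


if __name__ == "__main__":
    for key, v in sorted(key_validity(SIGS, OWNERTRUST).items()):
        print(f"{key:6s} {v}")
```

With the constructed data, gina becomes fully valid only because three marginally trusted signers agree; raising `marginals_needed` to 4 leaves her marginal, and `max_cert_depth=1` stops trust at the keys alice signed directly. ivan stays unknown even though frank's key is valid, because the user gave frank no ownertrust: a valid key and a trusted certifier are different things, which is exactly the distinction message 2 asks for.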
        • Steven Gordon
          Message 4 of 5, May 31, 2008
            On Sat, May 31, 2008 at 7:08 AM, Martijn Meijering <martijn@...> wrote:
            >> This helps, but is not quite enough. Just because I might choose to
            >> trust Ron Jeffries' certifications does not necessarily mean I trust
            >> the certifications of all the people Ron certifies. After all, he
            >> could be certifying their skills at TDD or XP or whatever, not
            >> necessarily their integrity at giving out certifications.
            >
            > I believe there is something like this in OpenPGP (ownertrust), but I
            > don't know enough about it yet. Advogato too indirectly does a bit of
            > this, because nodes that have shorter routes to the seeds contribute
            > more to the trust level.
            >
            >> It might help to add a special type of certification where people
            >> certify that an individual gives meaningful certifications. Then the
            >> forest of certifications I would be trusting would be the tree of
            >> certifications from each of my chosen seeds where:
            >> - internal nodes can only be linked via this special kind of
            >> certification, to any depth I choose, but
            >> - leaf nodes could be linked via any kind of certification.
            >
            > Your suggestion sounds interesting, but I'm not sure what you have in
            > mind precisely. Can you say more about the criterion for internal nodes.

            Trusted certifiers should only be those specifically certified for
            their integrity as certifiers by other trusted certifiers (as
            recursively generated from the seeds chosen by the user). Those
            certified by trusted certifiers for skills other than being trusted to
            make good certification should not be considered trusted certifiers.
            They should only be trusted for the specific skills they were
            certified for by trusted certifiers.

            Is that any clearer?

            >
            > As an aside: the trust relation is not really a forest. In general,
            > more than one person will certify the same person, so nodes do not
            > have (unique) parents. There can easily be cycles.

            True - just trying to avoid any unnecessary complexities in describing my idea.

            >
          • John Roth
            Message 5 of 5, May 31, 2008
              Steven Gordon said:

              > Trusted certifiers should only be those specifically certified for
              > their integrity as certifiers by other trusted certifiers (as
              > recursively generated from the seeds chosen by the user). Those
              > certified by trusted certifiers for skills other than being trusted to
              > make good certification should not be considered trusted certifiers.
              > They should only be trusted for the specific skills they were
              > certified for by trusted certifiers.

              I don't think that's fine grained enough. Granted, there are
              certain skills needed to be able to certify anything, but the
              certifier also needs specific expertise. I could, for example,
              give a reliable certification in a thoroughly obsolete technology:
              IBM mainframe assembler programming. Does that mean that
              I could give a reliable certification in XP coaching? I certainly
              hope not!

              John Roth
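The rule Steven Gordon states in message 4 (trusted certifiers are only those certified as certifiers by other trusted certifiers, recursively from the user's seeds; everyone else is trusted only for the specific skills a trusted certifier certified them for), together with John Roth's refinement in message 5 that certifier trust should be scoped to a skill, is concrete enough to implement. The code below is an added example, not code from the thread or from WeVouchFor. The certifications and names are constructed; the claim encoding `(CERTIFIER, skill)` for "gives meaningful certifications for this skill" is an assumption of this example. Steven's unscoped version is the special case where every certifier claim carries the same scope.

```python
from collections import deque

CERTIFIER = "certifier"  # marks the special "gives meaningful certifications" claim

# Constructed example certifications, not from the original thread.
# Each entry is (certifier, subject, claim). A claim is either a skill name,
# or (CERTIFIER, skill): "subject gives meaningful certifications for skill".
CERTS = [
    ("ron", "ann", (CERTIFIER, "XP coaching")),
    ("ron", "bob", "TDD"),                        # bob is good at TDD, not a certifier
    ("ann", "cal", (CERTIFIER, "XP coaching")),
    ("cal", "ann", (CERTIFIER, "XP coaching")),   # a cycle, as message 3 notes can happen
    ("cal", "dee", "XP coaching"),
    ("bob", "eve", "TDD"),                        # issued by a non-certifier: ignored
    ("ann", "fay", "TDD"),                        # ann certifies XP coaching only: ignored
    ("ron", "gus", (CERTIFIER, "IBM mainframe assembler")),
    ("gus", "hal", "XP coaching"),                # outside gus's certifier scope: ignored
    ("gus", "ida", "IBM mainframe assembler"),
]


def trusted_certifiers(certs, seeds, skill, max_depth=None):
    """People trusted to certify `skill`.

    The user's seeds are trusted for every skill. Beyond that, X joins the set
    only if someone already in it issued X a (CERTIFIER, skill) claim; an
    ordinary skill certification never confers certifier status. Breadth-first
    search with a visited set, so cycles and multiple certifiers per person
    are fine, and max_depth bounds the chain length from the seeds.
    """
    edges = {}
    for certifier, subject, claim in certs:
        if claim == (CERTIFIER, skill):
            edges.setdefault(certifier, []).append(subject)

    trusted = set(seeds)
    queue = deque((seed, 0) for seed in seeds)
    while queue:
        person, depth = queue.popleft()
        if max_depth is not None and depth >= max_depth:
            continue
        for nxt in edges.get(person, []):
            if nxt not in trusted:
                trusted.add(nxt)
                queue.append((nxt, depth + 1))
    return trusted


def trusted_for(certs, seeds, skill, max_depth=None):
    """Leaf rule: X is trusted for `skill` iff a trusted certifier for that
    same skill certified X for it. Claims by anyone else are ignored."""
    certifiers = trusted_certifiers(certs, seeds, skill, max_depth)
    return {subject for certifier, subject, claim in certs
            if claim == skill and certifier in certifiers}


if __name__ == "__main__":
    for skill in ("XP coaching", "TDD", "IBM mainframe assembler"):
        print(skill, "certifiers:", sorted(trusted_certifiers(CERTS, {"ron"}, skill)),
              "trusted:", sorted(trusted_for(CERTS, {"ron"}, skill)))
```

With ron as the only seed, dee is trusted for XP coaching through the chain ron, ann, cal, but not when `max_depth=1` cuts the chain at ann. eve is never trusted because bob was certified for a skill, not as a certifier, and fay and hal are not trusted because ann and gus are certifiers for other skills only, which is John Roth's point: being a reliable certifier of mainframe assembler says nothing about certifying XP coaching.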