ietf-openpgp

Re: [openpgp] public logging of e-mail certificates [was: Re: OpenPGP private certification]

2015-04-02 11:19:15
On Thu, Apr 2, 2015 at 11:42 AM, Brian Sniffen <bsniffen(_at_)akamai(_dot_)com> wrote:

But I am not arguing for first come, first served. I am arguing that the
age of an endorsement is significant. An attacker can easily set up an
endorsement cartel with 100 people signing each other's keys. But they
can't backdate the endorsements to ten years before they decided they
needed them.

I don't expect to understand most of the hashes in a log of hashed
signatures.  I wonder how many cloned subsets would be buried in case
they're later needed, and what can be done about that.  The best I can
think of is a transparency log---to not hash those. Big public signers
should offer such logs.  Private citizens signing each other's keys
probably won't, but it's still valuable to have a standard format for
non-public endorsements.

It is still a hard problem. But using the log turns it from a hard
problem with an infinite number of possible endorsements to a closed
problem with a finite set of endorsements.

Closing the problem also means raising the cost of exposure and forces
the operator to think very carefully before each action. There is also
a maintenance cost if you are doing this on Facebook etc.

What I would start off doing is looking at the time span over which
the endorsements in a ring were added. An organic web of trust will be
established over a period of years. Facebook and Twitter have got a
lot better at spotting fake cartels over the years.

Presumably keys should be able to carry a note indicating that
key signatures should only be trusted if in a log.

I don't see that, it is a relying party consideration.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
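
The time-span check suggested in the message above, sketched as an added example that is not part of the original thread. The log format (signer, signed key, date logged), the key names, the minimum ring size and the one-year threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed sample log: (signer, signed_key, date the endorsement was logged).
LOG = [
    ("alice", "bob", date(2006, 3, 1)), ("bob", "alice", date(2008, 7, 9)),
    ("bob", "carol", date(2011, 1, 20)), ("carol", "bob", date(2013, 5, 2)),
    ("carol", "alice", date(2014, 11, 30)), ("alice", "carol", date(2009, 2, 14)),
    ("m1", "m2", date(2015, 3, 28)), ("m2", "m1", date(2015, 3, 28)),
    ("m2", "m3", date(2015, 3, 29)), ("m3", "m2", date(2015, 3, 29)),
    ("m3", "m1", date(2015, 3, 30)), ("m1", "m3", date(2015, 3, 30)),
    ("alice", "m1", date(2015, 3, 31)),  # one-way edge, does not merge the rings
]

def rings(log):
    """Group keys linked by mutual endorsements (A signed B and B signed A)."""
    signed = {(s, t) for s, t, _ in log}
    peers = defaultdict(set)
    for s, t in signed:
        if (t, s) in signed:
            peers[s].add(t)
    seen, groups = set(), []
    for start in sorted(peers):
        if start in seen:
            continue
        group, stack = set(), [start]
        while stack:  # walk the mutual-endorsement graph from this key
            k = stack.pop()
            if k not in group:
                group.add(k)
                stack.extend(peers[k] - group)
        seen |= group
        groups.append(group)
    return groups

def ring_spans(log, min_size=3):
    """Return (sorted members, span in days) for each ring of at least min_size keys."""
    out = []
    for group in rings(log):
        if len(group) < min_size:
            continue
        # Only endorsements made inside the ring count toward its age.
        dates = [d for s, t, d in log if s in group and t in group]
        out.append((sorted(group), (max(dates) - min(dates)).days))
    return out

def suspicious(log, min_span_days=365):
    """Rings whose internal endorsements were all logged within min_span_days."""
    return [members for members, span in ring_spans(log) if span < min_span_days]
```

The dates are only meaningful if they come from the append-only log itself, since a date asserted inside the signature can be chosen by the signer.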
