On Jan 30, 2004, at 9:48 AM, Paul Crowley wrote:
> I'd be interested to know if you've looked at modern attack resistant
> trust metrics in detail before saying that. Metrics like Advogato,
> PageRank, and my own TrustFlow are explicitly designed to resist
> attackers who try to artificially inflate their trust through mass
> identity creation.

At a simple level, yes. In detail, no. But I don't believe that
web-of-trust or social-networking metrics are the way a server should
define its trust model. Perhaps as a service an admin can choose to
interface to, but I think those issues are outside of the scope of what
we should be doing here, other than making allowances for them to be
interfaced to the system if an admin chooses to. So let us focus on
building core features and a way to plug these things in, let's not try
to build them in, especially in areas (like security) that are still
under active investigation and advancement where we don't know what
techniques we ultimately want to use (or where, I think, we'll find
different groups will want to use different techniques that serve
different needs). This is one of those places where I think "thinking
globally" is a bad idea -- there is no "one true way", so let's focus
on a way to interface to "many different pretty good ways" and not
hardcode things into the standard/RFC/protocol that don't need to be.
Emphasis is extendability and flexibility, not necessarily features...