On 6/2/08, Noel J. Bergman <[EMAIL PROTECTED]> wrote:
> Robert Burrell Donkin wrote:
>
>> my conclusion was that meta-data signed by [keys in the] WoT would be good enough.
>> there's no need to distribute a master key
>
> +1
>
>> key management is tricky
>
> Not that tricky. Let's not make as if this isn't done routinely elsewhere.
>
>> this is where the complexity lies. IIRC it was quite tough to come up
>> with a user friendly trust model that worked correctly.
>
> Not so much, seeing as how you just agreed with CLR:
>
>> For example, "trust all unsigned", "trust all signed", "trust all signed in
>> Apache WOT" might be reasonable policies declared by the user.

IMHO these are all reasonable policies. But users are used to thinking in black and white. They want software just to work.

>> we don't actually require that the artifacts are signed: just
>> meta-data about the artifacts
>
> What do you think a signature is in the first place? It is a digitally
> encrypted hash, i.e., meta-data.

The idea is that you sign finely grained domain specific meta-data. For example, I would not be willing to sign a key unless I've met the owner F2F but I would be willing to sign meta-data linking a key to an incubator project.

Robert

>
> --- Noel
