DaemonForums  

Go Back   DaemonForums > Miscellaneous > Off-Topic

Off-Topic Everything else.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 25th October 2017
hanzer's Avatar
hanzer hanzer is offline
Real Name: Adam Jensen
just passing through
 
Join Date: Oct 2013
Location: EST USA
Posts: 314
Default An Alternative to the PGP "Web of Trust" Decentralization-ism

What if one could get their PGP key signed by an "official of integrity appointed by state government" (e.g., a Notary Public) or something similar? If a person could physically meet with a validated agent of a centrally organized system of identity authentication, present ID, generate a PGP key-pair, then have this new public key signed by the trusted agent's key, that might enable PGP technology to become a viable form of secure communication for government agencies, banks, universities, etc. Currently, these corporations seem to use funky, ad-hoc methods of ID authentication, often for every transaction.

Significant infrastructure would be required to make this work - maybe a nonprofit corporation to develop and manage the technical policies and political negotiations; and maybe several businesses offering a variety of products and services to the various entities and agencies using the method.

Maybe this thread's title should have been something like: "Open-Source Business Model" or "Public Development Federation Plan". <smirk>
Reply With Quote
  #2   (View Single Post)  
Old 25th October 2017
ibara ibara is offline
OpenBSD language porter
 
Join Date: Jan 2014
Posts: 783
Default

How would we know we could trust the people we're supposed to trust?
Reply With Quote
  #3   (View Single Post)  
Old 25th October 2017
hanzer's Avatar
hanzer hanzer is offline
Real Name: Adam Jensen
just passing through
 
Join Date: Oct 2013
Location: EST USA
Posts: 314
Default

Quote:
Originally Posted by ibara View Post
How would we know we could trust the people we're supposed to trust?
Can you elaborate? Are you asking something like "how can a person verify that someone who is presenting himself as a Notary Public is in fact a Notary Public"?
Reply With Quote
  #4   (View Single Post)  
Old 25th October 2017
ibara ibara is offline
OpenBSD language porter
 
Join Date: Jan 2014
Posts: 783
Default

Yes, that. But also, why would we give this central organization our trust in the first place?
Reply With Quote
  #5   (View Single Post)  
Old 25th October 2017
hanzer's Avatar
hanzer hanzer is offline
Real Name: Adam Jensen
just passing through
 
Join Date: Oct 2013
Location: EST USA
Posts: 314
Default

Quote:
Originally Posted by ibara View Post
Yes, that. But also, why would we give this central organization our trust in the first place?
Do you mean that in a sovereign citizen movement kind of way?

It's probably not a good idea to go down that path.
http://www.start.umd.edu/news/sovere...rrorist-threat
Reply With Quote
  #6   (View Single Post)  
Old 25th October 2017
ibara ibara is offline
OpenBSD language porter
 
Join Date: Jan 2014
Posts: 783
Default

No. I'm about as far away from them politically as one can be.
Reply With Quote
  #7   (View Single Post)  
Old 26th October 2017
sacerdos_daemonis's Avatar
sacerdos_daemonis sacerdos_daemonis is offline
Real Name: Will forever be a secret.
Spam Deminer
 
Join Date: Sep 2014
Posts: 283
Default

Quote:
Originally Posted by hanzer View Post
What if one could get their PGP key signed by an "official of integrity appointed by state government"
That assumes governments can be trusted.

Quote:
If a person could physically meet with a validated agent of a centrally organized system of identity authentication
Is there really a need for centralised control of private message encryption methods? Should such a system also be created for car brakes? Curently, automotive makers set their own standards for brake design. The purpose of that analogy to argue that centralised control is not always necessary.


Quote:
Significant infrastructure would be required to make this work
Which again raises the question of, is it desirble? Would a cost-benefit analysis suggest the rewards would be greater than the effort?


Quote:
maybe a nonprofit corporation to develop and manage the technical policies and political negotiations; and maybe several businesses offering a variety of products and services to the various entities and agencies using the method.
What makes a group of companies more trustworthy than one? Which can be trusted more? A group of companies or a government (and its "trusted appointees")?
Reply With Quote
  #8   (View Single Post)  
Old 26th October 2017
hanzer's Avatar
hanzer hanzer is offline
Real Name: Adam Jensen
just passing through
 
Join Date: Oct 2013
Location: EST USA
Posts: 314
Default Read it again.

The premise is very simple - it is to use the existing US government's person identification infrastructure to authenticate PGP keys, thereby extending the infrastructure's identity validation methods into the realm of e.g., email.

The products and services mentioned earlier could be anything from a certified mobile app for a Notary Public (or some other ministerial official) to a key management and communication policy support system for a hospital, bank, university, government agency, etc.

It really is a very simple idea. The core technical foundations (e.g., GnuPG) have already been designed, built, and exercised in the world. As far as I know, the tech works. Granted, much is still needed to associate PGP public keys with government issued ID's in a sufficiently valid manner but most of what still needs to be built is in the domain of policy, business, and administration.

It seems like there is some opportunity for entrepreneurs who have experience in secure systems configuration and administration. </sales pitch>

Last edited by hanzer; 26th October 2017 at 02:47 PM.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Difference between"arp info overwritten" and " duplicate IP address " varag OpenBSD Security 1 6th April 2015 02:57 PM
How to replace "ectags" with "ctags"? fender0107401 OpenBSD Packages and Ports 5 16th April 2013 10:01 AM
Where should I put my config? "rc.conf" or "rc.conf.local"? fender0107401 OpenBSD General 2 2nd April 2012 02:53 AM
Fixed "xinit" after _7 _8, "how" here in case anyones' "X" breaks... using "nvidia" jb_daefo Guides 0 5th October 2009 09:31 PM
"Thanks" and "Edit Tags". diw Feedback and Suggestions 2 29th March 2009 12:06 AM


All times are GMT. The time now is 01:52 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick