Keyrings for websites

Peter Pentchev roam at ringlet.net
Thu Feb 8 16:01:30 CET 2007


On Thu, Feb 08, 2007 at 01:03:05PM +0100, Bèr Kessels wrote:
> Hello,
> 
> With the current growth of online services that talk to each other (the
> web2.0) I thought it a good idea to think about a way to determine
> "trust" between the sites. 
> 
> If my site shares its spam tokens, comments, search results, tags and
> pictures (etc) with a cloud of sites, it could be a good idea to
> establish a trust-ring.
> 
> I therefore thought it an interesting idea to make keys not just for
> people, but for a website. That way I can sign public keys from other
> sites and give them a trust weight.
[snip]
> 
> It is still an idea. And no code is made yet. But I am heavy into
> Drupal (been full time developer for it for over 4 years), and I can
> introduce this concept there, then hope it takes off into wordpress,
> plone and other Open Source, or Closed source CMSes. 
> 
> All I need is some general idea whether or not this will a) work at all
> and b) is possible with gnupg, and c) if it would not 'threaten' gnupg
> too much.

It ought to be both possible and trivial.

ISTR several discussions on this mailing list, where people mentioned
using PGP keys (or rather, uid's) with only names, no e-mail addresses.
You could either use such keys with the hostname (or the full path to
the web application) placed directly in the "name" part of the user ID,
or develop some kind of machine-readable encoding to represent a host
name, application path, application name, or any level of detail you
feel comfortable with, and then place those in the "name" or the
"comment" part of the key's user ID.  After that, proceed as usual -
sign the user-ID with the key itself (GnuPG should do that as part of
the key generation anyway), sign it with your own key, and send the
public key to the others.  They should generate keys for their web apps
too, sign them with their own (developers') keys, and send them to you.
Then each of you establishes his own trustdb, places trust in (some of)
the developers' keys, and off you go.

G'luck,
Peter

-- 
Peter Pentchev	roam at ringlet.net    roam at cnsys.bg    roam at FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
This inert sentence is my body, but my soul is alive, dancing in the sparks of your brain.
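
The machine-readable user-ID encoding suggested in the reply above, sketched as an added example that is not part of the original thread or of GnuPG. The convention (host and path in the "name" part, `webapp:<application>` in the "comment" part, no e-mail address), the function names and the sample record are assumptions made for illustration.

```python
import re

# Hypothetical convention, not from the thread:
#   name = "<host>[:port][/path]", comment = "webapp:<application>", no e-mail.
_HOST = re.compile(r"[a-z0-9]([a-z0-9.-]*[a-z0-9])?(:[0-9]{1,5})?")
_PATH = re.compile(r"(/[A-Za-z0-9._~-]+)*/?")
_APP = re.compile(r"[a-z0-9][a-z0-9_-]*")
_UID = re.compile(r"([^ ()<>]+) \(webapp:([^ ()<>]+)\)")


def encode_site_uid(host, path, app):
    """Return (name, comment) for the site key's user ID, or raise ValueError."""
    # fullmatch() rejects newlines, parentheses and angle brackets, which could
    # otherwise add parameter lines or blur the name/comment/e-mail boundaries.
    for label, rx, value in (("host", _HOST, host), ("path", _PATH, path), ("app", _APP, app)):
        if not rx.fullmatch(value):
            raise ValueError(f"invalid {label}: {value!r}")
    return host + path.rstrip("/"), "webapp:" + app


def keygen_params(name, comment):
    """Parameter file text for `gpg --batch --generate-key` (sign-only RSA key)."""
    lines = ["%no-protection",  # assumption: the web application signs unattended
             "Key-Type: RSA", "Key-Length: 3072", "Key-Usage: sign",
             f"Name-Real: {name}", f"Name-Comment: {comment}",
             "Expire-Date: 1y", "%commit"]
    return "\n".join(lines) + "\n"


def decode_colon_uid(record):
    """Parse a `uid` record from `gpg --with-colons` into host, path and app."""
    fields = record.rstrip("\n").split(":")
    if fields[0] != "uid" or len(fields) < 10:
        raise ValueError("not a uid record")
    # Field 10 holds the user ID with C-style escapes; a literal ":" is \x3a.
    uid = re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), fields[9])
    m = _UID.fullmatch(uid)
    if not m:
        raise ValueError(f"not a site user ID: {uid!r}")
    host, slash, path = m.group(1).partition("/")
    encode_site_uid(host, slash + path, m.group(2))  # re-validate a peer's key
    return {"host": host, "path": slash + path, "app": m.group(2)}


# Constructed sample record (creation time and hash field are made up).
SAMPLE = r"uid:f::::1170946890::0000000000000000000000000000000000000000::blog.example.org\x3a8443/drupal (webapp\x3adrupal)::::::::::0:"

if __name__ == "__main__":
    print(keygen_params(*encode_site_uid("blog.example.org:8443", "/drupal/", "drupal")), end="")
    print(decode_colon_uid(SAMPLE))
```

Decoding a key received from another site runs the same validation as encoding, so a user ID that does not follow the convention is rejected before any trust decision is made on it.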