On 01/06/2010 04:16 PM, Andre Amorim wrote: > What are your thoughts about that ? > > http://www.cs.rice.edu/~mtd3/comp527/comp527presentation.pdf
Interesting! thanks for pointing it out. I like the idea of using Facebook as a transport/distribution mechanism. I'm less confident in their use of Facebook to encourage keysigning. For example, i'm not even sure i understand the part here where they talk about "photos of Devin taken by his friends": from the facebook app on page 7 of the presentation: >> Make sure you fully trust Devin's public key. You can do this by >> verifying the photos of Devin taken by his friends and/or verifying the >> public key fingerprint with an out of band communication method (in >> person, over the phone, etc) Also, the authors of the presentation seem to have gotten the semantics of keysigning confused with ownertrust. Standard OpenPGP key signatures certify *nothing* about the issuer's belief in the subject's capacity as a keysigner, but their facebook app suggests otherwise (also on page 7): >> By signing Devin's public key, you vouch for the validity of that key >> and your trust that Devin will exercise good judgement when signing >> other public keys These concepts (the difference between key/uid validity and ownertrust) are already pretty confusing; it would be a shame if facebook users were introduced to the OpenPGP concepts by this sort of a mixed message. That said, OpenPGP does have many of the properties that make social networking appealing. it'd be a Good Thing to use existing social networks to bring people into the Web of Trust online, if done carefully. --dkg PS their pidgin work is unclear from the paper, so i don't really know how to evaluate it. if all they did was fetch keys from facebook, that's a little weird (since they could already fetch keys from the hkp network). i'm also not convinced that OpenPGP messages are the best technological choice (without *significant* extra thought and UI work) for instant messaging.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users