[Cryptography] Verisimilitrust

Fri Jan 15 09:20:00 EST 2016

On new trust models,

What I have done with the Mathematical Mesh is to apply many of the
concepts of X.509 PKI but to a completely different domain - managing
a personal trust infrastructure.

I have code and documentation that currently work and I am in the
process of putting both out in the real world.

In traditional PKI we spend all our time working out how Alice can
trust Bob's key. That was the problem in 1990. Today the much bigger
problem for Alice is working out how she can trust her own keys. How
does Alice trust Alice?

We all have lots of devices and we are acquiring more. Now that a
computer can be bought for $5 (albeit on a long waiting list), they
are going to accumulate even faster. Last night I bought a couple of
Windows PCs for $100 each (the kickstarter is still open, LattePanda).

Alice is only going to talk to Bob occasionally, she will be talking
to her networked devices constantly and they will be talking to each
other.

Anyone who has set up SSH knows how hard the process of managing keys
actually is. I have two computers and I want to be able to SSH from
either to the other. This sounds all very simple and straightforward
until we remember that the tool we use to connect is SSH. So we end up
with a bootstrap issue.

Looking at instructions on setting up SSH for git on the Web, most are
designed to 'make it work'. The fact that all the machines have the
same private key and this is a bad thing doesn't register. Nor is the
fact that the private key ends up being copied onto public /temp
partitions.

Now try to do the same thing with devices that don't have a keyboard
or a display...

It is possible to do the job right but only just and I certainly would
not want to have to try to explain that to someone else. So lets give
people tools that do the job really right. Every machine has its own
unique private key for each account. The authorized keys files are
maintained automatically so when a new machine is added, it gets the
appropriate authorizations. Server key fingerprints are registered in
the user's central directory, etc.