| ▲ | woodruffw a day ago |
| There are some niceties here, but I think this is a little thin on the security aspects of the scheme: it's not clear how users establish the authenticity of transitively received petnames, for example. More fundamentally, there's a factor outside of Zooko's triangle: trust isn't really transitive[1]. I trust my doctor and my doctor trusts their sibling, but I don't necessarily trust their sibling. With that being said, I think there's a pretty rich research space here, and I think the edge/local aspects of this design are pretty interesting! I just hope we don't end up with a reinvention of historically insufficient web-of-trust architectures :-) [1]: https://uhra.herts.ac.uk/bitstream/handle/2299/4349/904849.p... |
|
| ▲ | davexunit 21 hours ago | parent | next [-] |
| There's an associated paper that goes through implementing a petname system in a simple chat application. Petnames compose well with object capability security. https://files.spritely.institute/papers/implementation-of-pe... |
| |
| ▲ | woodruffw 21 hours ago | parent [-] | | That's great, but I don't think it addresses the basic point: sharing edge names requires a way to share those names, and that's a trusted third party (one with a degree of centralization, to boot). There are ways to (dis)intermediate that trust (like a PKI), but the shape of that PKI or other technique is itself a question of decentralization, security, etc. I think that's a very hard underlying problem that the petname design needs to at least offer some opinions on in order to make claims about security. | | |
| ▲ | paroneayea 20 hours ago | parent [-] | | Jessica Tallon's implementation of petnames and edge names was extremely simple within the paper davexunit linked, but used in-band mechanisms to communicate edge names that didn't require any sort of large trusted authority. You could retrieve them directly from fellow peers, who could publish their current set of edge names. This even works in a p2p context over ocapn, etc. The implementation was naive but it did work and used a publish-subscribe mechanism directly from other peers. That said, edge names are only one way to share contacts. In fact "share contact" on peoples' phones is a great way to have contextual sharing: "Oh, let me introduce you to my friend Dave. Here's Dave's contact info!" At any rate, petnames aren't a particular technology, they're a design space of "Secure UI/UX". However I do agree more research needs to be done in that space; we've only barely begun to scratch the surface. |
|
|
|
| ▲ | tobr 11 hours ago | parent | prev | next [-] |
| > I trust my doctor and my doctor trusts their sibling, but I don't necessarily trust their sibling. Isn’t that because that’s a different type of trust? For example, you trust your doctor to give you decent medical advice, and they trust their sibling for emotional support. That doesn’t mean their sibling will be supportive of you, or give you good medical advice. |
| |
| ▲ | dwallin 3 hours ago | parent [-] | | Yeah, this is one of the big issues with digital peer trust networks. Trust in human interactions is fuzzy and very conditional, which is hard to collect, represent, and update in a user friendly and low effort way. Hence we tend to collapse it to a single, often-binary, trust score. |
|
|
| ▲ | catlifeonmars 20 hours ago | parent | prev [-] |
| > trust isn’t really transitive Not sure I agree with this. Sure, trust might drop off pretty quickly (like an inverse square law), but I would still trust a friend of a friend over a complete stranger. |
| |
| ▲ | woodruffw 19 hours ago | parent | next [-] | | I would also trust a mutual friend over a complete stranger. But that's not the point of the observation: the observation is that "trust" isn't a boolean, but an umbrella term for a wide range of policies that we apply to different principals. Or in other words: transitive trust is a thing, but it's of a different color than "trust." Attempts to gloss over this in web-of-trust designs have historically not gone well. | | |
| ▲ | smatija 4 hours ago | parent | next [-] | | So you can trust friend of a friend only after awaiting him (with apologies to https://journal.stuffwithstuff.com/2015/02/01/what-color-is-...)? | |
| ▲ | catlifeonmars 18 hours ago | parent | prev [-] | | 100% agree about the difference in meaning between the two uses of “trust”. To be frank I responded after only skimming over your comment, and should have read a bit more closely. FWIW, I think there’s a way to unify those two realms: if you model boolean trust in terms of a random variable and sum over the transitive web à la binomial distribution. |
| |
| ▲ | gregmac 16 hours ago | parent | prev [-] | | I'd argue "friend of a friend" is strong transitivly because it's explicitly chosen by all parties involved. Trust in a professional relation - a doctor, especially - is actually very strong, because of the professional requirements to be trustworthy, and the protections built into that (being held accountable by an organization and/or lawsuits). "Family of friend" or "family of professional" isn't necessarily a strong relation for exactly the opposite reason, unless maybe the first-degree contract is vouching for the person. | | |
| ▲ | catlifeonmars 5 hours ago | parent [-] | | There’s also a compounding effect. If multiple friends vouch for the same stranger that means something too. |
|
|
