RootsWeb.com Mailing Lists
    1. Re: Trust in genealogical applications [Was: Re: How Should We Store Evidence in Genealogical Databases?
    2. Ian Goddard
    3. Richard Smith wrote:
       > [Pulling together the replies to two posts by Ian Goddard as they seem
       > to overlap.]
       >
       > On May 30, 11:40 am, Ian Goddard <[email protected]> wrote:
       >
       >>>> 3. If someone did decide to massage a record they could simply re-sign
       >>>> it with their own private key so the advantages could be illusory.
       >>> They've signed it with their private key rather than the original
       >>> source's private key. This is easily detectable.
       >> Not really. You would end up with two versions of the record, each
       >> correctly signed with a private key. You only know which is the
       >> original version if you know the original source.
       >
       > Well, a signed piece of data is only as trustworthy as the signing
       > party. All that the digital signature guarantees is that the data
       > hasn't been changed since it was signed. How the data was produced is
       > beyond the scope of a digital signature. Specifically: digital
       > signatures are not designed to prevent or detect unauthorised copying.
       >
       > If you have two versions of the record, each correctly signed, then
       > you have to make a decision on which (if either) party you trust. But
       > this is just the same if you've only got one piece of signed data?
       > Should you trust the author? Even today, with unsigned data, you have
       > that problem.
       >
       > On May 30, 11:06 am, Ian Goddard <[email protected]> wrote:
       >
       >> Someone picks up a copy of one of someresource.org's records and wants
       >> to check the digital signature. They can't because the public key is no
       >> longer there. Unless, of course, copies of the public key are also
       >> being distributed with the other records.
       >
       > It's a common enough problem, and I think allowing for signed
       > distribution of the old key is the usual way to handle it.
       >
       > It should be standard practice for applications to store the public
       > key of any source they've ever used. This allows for detection of a
       > man-in-the-middle attack -- in practice, we probably don't care too
       > much about this in a genealogy application, but assuming we're using
       > an existing PKI, we'll get it for free.
       >
       > Suppose someresource.org (who originally signed the data) is no more
       > and you decide to send me a copy of some of the data that you had
       > downloaded from the site. You have a copy of their public key
       > (because your software stores these indefinitely), and a copy of the
       > signed data. So you sign both of these and pass them on to me.
       >
       > So I now have your public key, their public key signed by you, and
       > their data signed by them and then by you. Perhaps I now make some
       > inferences based on this data -- for example, how the individuals
       > named in it are related. Some time later, I may wish to pass this on:
       > so I sign your public key; add my signature to yours on the
       > someresource.org key and on the data from them; and encode my
       > inferences and sign them. I then hand over four things to the third
       > party, who simultaneously gets my public key.
       >
       > What we're forming is a chain of trust. We all trust someresource.org
       > to ship data of a good quality, double-checked against the sources. I
       > trust you to be honest -- that is, not to alter the data from
       > someresource.org and then re-sign it with a different key. It doesn't
       > matter whether or not I trust you to be a good genealogist. The third
       > party who I pass everything on to needs to trust me to be honest and
       > competent to make the inferences I have and trust you to be honest.
       >
       > A few years later, I might get a copy of the someresource.org key from
       > someone else, and I can now verify that you were indeed being honest
       > in passing the data on to me. This might make me more inclined to
       > trust you in the future.
       >
       > And so on...
       >
       >> OK, so instead of everyone publishing their keys alongside the record
       >> they publish them at someotherresource.org. But 10 years later.....
       >
       > The solution there is to have lots of sites all storing keys, and all
       > acting as backups of each other. This already exists. They're called
       > public key servers. Assuming a genealogy application uses an existing
       > PKI, it can simply make use of existing key servers. It's incredibly
       > unlikely that all of these would vanish simultaneously, and because
       > there are lots of them, someone wishing to compromise the system would
       > need to compromise most of the key servers simultaneously. That's
       > highly unlikely to happen.
       >
       > And with the advent of key servers, a large part of the chain of trust
       > vanishes. If I got data from A via B, C, D and E, then without a key
       > server, I need to trust each of these parties; but with a key server,
       > I only need to trust everything back from the earliest link in the
       > chain that has a key on a public key server. So if B, D and E all
       > have keys on some key servers, then I only need to trust A and B; and,
       > of course, the key servers themselves, but trust there is established
       > by vote across many servers.
       >
       > The good thing about this sort of distributed system is that many of
       > the problems have already been solved -- often by peer-to-peer
       > networks with nefarious purposes.

       The bottom line is, does the extra baggage add sufficient or, indeed,
       any value to a genealogical system?

       --
       Ian

       The Hotmail address is my spam-bin. Real mail address is
       iang at austonley org uk

    05/30/2011 09:44:48
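
The countersigning chain and the "two correctly signed versions" problem discussed in the message above, as an added example that is not part of the original thread. It assumes a toy Lamport one-time signature built from the Python standard library in place of a real PKI signature scheme; all function names and the sample record are constructed for illustration.

```python
import hashlib, secrets

def H(b): return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key: 256 secret pairs; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):  # each Lamport key must sign one message only
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def fingerprint(pk):
    return H(b"".join(a + b for a, b in pk)).hex()

def bundle(source_pk, record, source_sig):
    # What the relay countersigns: source key, record and source signature.
    return fingerprint(source_pk).encode() + record + b"".join(source_sig)

def check(record, source_pk, source_sig, relay_pk, relay_sig, stored_keys):
    if not verify(source_pk, record, source_sig):
        return "record altered after signing"
    if not verify(relay_pk, bundle(source_pk, record, source_sig), relay_sig):
        return "relay countersignature invalid"
    if fingerprint(source_pk) in stored_keys:
        return "signed by a source key already on file"
    return "validly signed, but source key is vouched for only by the relay"

def demo():
    record = b"Constructed sample: bap. 1 Jan 1800, John Example"
    forged = record.replace(b"1800", b"1790")
    (src_sk, src_pk), (rel_sk, rel_pk) = keygen(), keygen()
    (fake_sk, fake_pk), (rel2_sk, rel2_pk) = keygen(), keygen()
    src_sig = sign(src_sk, record)
    rel_sig = sign(rel_sk, bundle(src_pk, record, src_sig))
    fake_sig = sign(fake_sk, forged)      # altered, re-signed with another key
    rel2_sig = sign(rel2_sk, bundle(fake_pk, forged, fake_sig))
    on_file = {fingerprint(src_pk)}       # source keys the application stored
    return [check(record, src_pk, src_sig, rel_pk, rel_sig, on_file),
            check(forged, fake_pk, fake_sig, rel2_pk, rel2_sig, on_file),
            check(record, src_pk, src_sig, rel_pk, rel_sig, set()),
            check(forged, fake_pk, fake_sig, rel2_pk, rel2_sig, set())]

if __name__ == "__main__":
    print("\n".join(demo()))
```

With the source key on file, the genuine and re-signed records get different verdicts; with no stored key, both come back identical and the recipient is left trusting the relay.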
    1. Re: Trust in genealogical applications [Was: Re: How Should We Store Evidence in Genealogical Databases?
    2. Richard Smith
    3. On May 30, 3:44 pm, Ian Goddard <[email protected]> wrote:

       > The bottom line is, does the extra baggage add sufficient or, indeed,
       > any value to a genealogical system?

       It's a good question, and the honest answer is I don't know. If it's
       sufficiently unobtrusive, then perhaps it could be.

       I do wonder whether something like this might be able to restore some
       credibility to massively collaborative genealogies like Ancestry's
       "One World Tree", and Family Search's "Ancestral File". At the
       moment, these have lots of really good, accurate information in them,
       and also a vast amount of complete nonsense that devalues the whole
       project.

       It's not an idea I've fully thought through, but I do think it would
       be possible to implement a massively distributed genealogy along these
       lines that doesn't suffer from the credibility problems usually
       associated with such projects. And I'm pretty sure that making it
       possible to see with complete confidence who had contributed what is a
       necessary part of that.

       So yes, I think it might have its place.

       Richard

    05/30/2011 10:08:26
    1. Re: Trust in genealogical applications [Was: Re: How Should We Store Evidence in Genealogical Databases?
    2. Wes Groleau
    3. On 05-30-2011 19:08, Richard Smith wrote:
       > I do wonder whether something like this might be able to restore some
       > credibility to massively collaborative genealogies like Ancestry's
       > "One World Tree", and Family Search's "Ancestral File". At the
       > moment, these have lots of really good, accurate information in them,
       > and also a vast amount of complete nonsense that devalues the whole

       As I've complained about in other thread, many of Ancestry's practices
       convince me that credibility is far below selling subscriptions in
       their priority list. They have apparently figured out that most people
       will believe anything and so "anything" is what they offer.

       --
       Wes Groleau

       There are two types of people in the world …
       http://Ideas.Lang-Learn.us/barrett?itemid=1157

    05/30/2011 07:09:12