Re: Why are we here? What are our goals?

[Chuq Von Rospach <chuqui@xxxxxxxxxxxxxx>]

On Jan 30, 2004, at 9:48 AM, Paul Crowley wrote:

> I'd be interested to know if you've looked at modern attack resistant
> trust metrics in detail before saying that.  Metrics like Advogato,
> PageRank, and my own TrustFlow are explicitly designed to resist
> attackers who try to artifically inflate their trust through mass
> identity creation.

At a simple level, yes. In detail, no. But I don't believe that 
web-of-trust or social-networking metrics are the way a server should 
define its trust model. perhaps as a service an admin can choose to 
interface to, but I think those issues are outside of the scope of what 
we should be doing here, other than making allowances for them to be 
interfaced to the system if an admin chooses to. So let us focus on 
building core features and a way to plug these things in, let's not try 
to build them in, especially in areas (like security) that are still 
under active investigation and advancement where we don't know what 
techniques we ultimately want to use (or where, I think, we'll find 
different groups will want to use different techniques that serve 
different needs). This is one of those places where I think "thinking 
globally" is a bad idea -- there is no "one true way", so let's focus 
on a way to interface to "many different pretty good ways" and not 
hardcode things into the standard/RFC/protocol that don't need to be. 
Emphasis is extendability and flexibility, not necessarily features...