foaf+ssl, pki and the duck-rabbit

In part II §xi of the "Philosophical Investigations", Ludwig Wittgenstein introduces the duck-rabbit figure:

I shall call the following figure derived from Jastrow, the duck-rabbit. It can be seen as a rabbit's head or as a duck's. And I must distinguish between the 'continuous seeing' of an aspect and the 'dawning' of an aspect.

The picture might have been shewn me, and I never have seen anything but a rabbit in it.

It is worth stopping here and considering that illustration carefully, making sure you can see it one way and then the other. Notice that there is no illusion here. There is not one correct way to see the line. The figure itself is ambiguous. The duck-rabbit therefore shows very simply how the way we perceive the world can change without any new fact appearing in the world.

Is that not what magic does?

Much more complex examples of this phenomenon can be found. In some cases it is much more difficult to switch between meanings. I find this with the Young Woman Old Woman image, for example. I really need to work hard there to see the other interpretation, and when I find that interpretation I find switching back very difficult.

Recently I have felt that the foaf+ssl protocol does something similar with Public Key Infrastructure (PKI). We use a tool that was always meant to be used one way in a completely different way, a way that of course was always permitted, but that nobody saw (or if they did, they did not pursue it openly).

To perceive this different way of using this tool one has to, just as with the duck-rabbit, look at it differently. One has to see it in a new way, or perhaps even use it in a new way. Whereas PKI is used for hierarchical trust, we use it to build a web of trust. Where X509 certs built up a lot on the Distinguished Name hierarchy, we nearly ignore it. Where X509 tried to place information in the certificate, we place it outside at the name location. Even though SSL can request client certificates in the browser, nobody does this, yet we build on this little-known feature. Self-signed client certificates, which would not have made sense in traditional PKI infrastructure because they prove nearly nothing about the client, are what we build everything on...

All the usual X509 and ssl tools work just as they should, but magically it seems they are suddenly found to be doing something completely different.

Comments:

Very clever :)

I kind of felt this way when I first read about REST; using the HTTP verbs to perform CRUD operations and such, seemed so novel, so simple, and so BRAND NEW. I guess that had always been Tim Berners-Lee's intent, but it was all new to me, and changed my perception of HTTP without any new facts.

Posted by Dustin Whitney on December 30, 2008 at 04:01 PM CET #

The problem (I think) with how you use the certs though is that the real trust (if Juliet does not know Romeo a priori) is that Juliet's friends know Romeo, and when I say "know", I don't mean that in any cryptographic sense (Juliet's friends haven't signed Romeo's key/key fingerprint for example). Why wouldn't it then be enough for Juliet to base her trust on the appearance of Romeo's OpenID in her friends' FOAF files, for example?

I like the web of trust model, but in order for there to be verifiable trust based on certs/keys, don't you also need key/cert/fingerprint signing parties? http://en.wikipedia.org/wiki/Key_signing_party

Posted by John Kemp on January 16, 2009 at 07:01 AM CET #

Hi John,

your comment would more properly belong to
http://blogs.sun.com/bblfish/entry/foaf_ssl_adding_security_to
which describes the protocol.

I'll copy it over there, and answer it.

Posted by Henry Story on January 17, 2009 at 06:07 AM CET #

John, the answer to your question ended up being long enough that I wrote a new blog post to answer it:

http://blogs.sun.com/bblfish/entry/more_on_authorization_in_foaf

Posted by Henry Story on January 17, 2009 at 08:02 AM CET #
