hodlbod on Nostr: The term "trust" in "web of trust" refers to authentication, not to authorization. In ...
The term "trust" in "web of trust" refers to authentication, not to authorization. In other words, web of trust provides an attestation of the authenticity of a given identity, independent of application. Follow lists do a great job of this.
Only leveraging the authenticity of a given pubkey relative to yourself for a particular purpose other than fetching and displaying social content (the explicit intention behind "follows") requires additional information. Often this can be provided by the user through common sense (e.g. identifying a satire account), or additional attestations (I fully/partially trust this person for purpose x, and transitively trust them to make the same kind of attestations about other accounts).
Follow-based web of trust authentication is a substrate upon which unqualified and qualified web of trust application-specific authorization can be built.
This thought courtesy of my reading of Ashish Gulhati's essay "Secure Communication: The Technology of Freedom" in "Beautiful Code" this fine Sunday afternoon.
Published at 2024-10-13 21:21:41
Event JSON
{
"id": "a05c680016c2b3a4a8a43af59084f072d439fdb659db1c35a2f06c95483aaf98",
"pubkey": "97c70a44366a6535c145b333f973ea86dfdc2d7a99da618c40c64705ad98e322",
"created_at": 1728854501,
"kind": 1,
"tags": [
[
"client",
"Coracle",
"31990:97c70a44366a6535c145b333f973ea86dfdc2d7a99da618c40c64705ad98e322:1685968093690"
]
],
"content": "The term \"trust\" in \"web of trust\" refers to authentication, not to authorization. In other words, web of trust provides an attestation of the authenticity of a given identity, independent of application. Follow lists do a great job of this. \n\nOnly leveraging the authenticity of a given pubkey relative to yourself for a particular purpose other than fetching and displaying social content (the explicit intention behind \"follows\") requires additional information. Often this can be provided by the user through common sense (e.g. identifying a satire account), or addition attestations (I fully/partially trust this person for purpose x, and transitively trust them to make the same kind of attestations about other accounts).\n\nFollow-based web of trust authentication is a substrate upon which unqualified and qualified web of trust application-specific authorization can be built.\n\nThis thought courtesy of my reading of Ashish Gulhati's essay \"Secure Communication: The Technology of Freedom\" in \"Beautiful Code\" this fine Sunday afternoon.",
"sig": "23058554a043756b46bc02ad2a70425aa071a8751180d0c2fe2967b30b8deeff568d28500c45fa01e50ea961d83a902b5989445ca21f4f0ac35dd6098a5777d1"
}
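
The split the note draws between follow-based authentication and purpose-scoped authorization, as an added example that is not part of the original note or of any Nostr client. The follow lists, the attestation tuple shape, the "moderation" purpose and the two-hop limit are all constructed assumptions, and partial trust is simplified to full trust.

```python
# Added illustration: data shapes and names are hypothetical, not a Nostr NIP.
from collections import deque

# Constructed follow lists: pubkey -> set of followed pubkeys.
FOLLOWS = {
    "me": {"alice", "bob"},
    "alice": {"carol", "satire"},
    "bob": {"carol"},
    "carol": set(),
}

# Constructed attestations: (issuer, subject, purpose, may_delegate).
ATTESTATIONS = [
    ("me", "alice", "moderation", True),
    ("alice", "carol", "moderation", False),
    ("bob", "satire", "moderation", False),
]

def authenticated(me, follows, max_hops=2):
    """Authentication: hop distance of each pubkey reachable via follows."""
    dist = {me: 0}
    queue = deque([me])
    while queue:
        cur = queue.popleft()
        if dist[cur] == max_hops:
            continue  # do not expand past the hop limit
        for nxt in follows.get(cur, ()):
            if nxt not in dist:
                dist[nxt] = dist[cur] + 1
                queue.append(nxt)
    return dist

def authorized(me, purpose, follows, attestations, max_hops=2):
    """Authorization: pubkeys trusted for `purpose` through attestation chains
    rooted at `me`; only issuers granted may_delegate can extend a chain."""
    known = authenticated(me, follows, max_hops)
    granted, delegators = set(), {me}
    changed = True
    while changed:  # iterate to a fixed point so chain order does not matter
        changed = False
        for issuer, subject, p, may_delegate in attestations:
            if p != purpose or issuer not in delegators or subject not in known:
                continue
            if subject not in granted or (may_delegate and subject not in delegators):
                changed = True
            granted.add(subject)
            if may_delegate:
                delegators.add(subject)
    return granted
```

Here "satire" and "bob" are authenticated through the follow graph but receive no authorization for the purpose, because no attestation chain with delegation rights reaches them.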