Hi,
some organisations use a 'corporate key' to sign stuff ; for example 'spamassessin'. Such keys are signed by the board, but the key signs nothing. I think that is reasonable.
The problem is, such a 'corporate key' is not in the strong set.
How do you feel about extending WOT's to the 'reachable set' ?
-- not much bigger ; I guess some 41000 keys
-- you must extract the 'reachable set' anyway to compute the 'strong set' (that's true, isn't it ??)
-- given the 'reachable set' it is very easy to compute the 'strong set', should you want that.
-- a pathfinder using the 'reachable set' is much more useful, and only a little more difficult to make.
Just an idea ; what do you think ?
Henk Penning
PS. The 'reachable set' is the 'strong set' plus all non revoked, non expired keys reachable from the 'strong set', of course.
HPP
---------------------------------------------------------------- _ Henk P. Penning, Computer Systems Group R Uithof CGN-A232 _/ _ Dept of Computer Science, Utrecht University T +31 30 253 4106 / _/ \ Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 251 3791 _/ _/ http://www.cs.uu.nl/staff/henkp.html M penning@cs.uu.nl _/
On Mon, Nov 22, 2004 at 16:35:51 +0100, Henk P. Penning wrote:
Hi,
Hello,
some organisations use a 'corporate key' to sign stuff ; for example 'spamassessin'. Such keys are signed by the board, but the key signs nothing. I think that is reasonable.
So do I.
The problem is, such a 'corporate key' is not in the strong set.
Yes, that is a problem.
How do you feel about extending WOT's to the 'reachable set' ?
I'd like it, and I know many more people would too.
-- not much bigger ; I guess some 41000 keys
True.
-- you must extract the 'reachable set' anyway to compute the 'strong set' (that's true, isn't it ??)
But this is unfortunately wrong. :(
To compute the strong set you need to compute the _reaching_ set, not the reachable set. The only thing we can get from a key is who has signed that key, not what keys it has signed. Your corporate key hasn't signed any other key, so no other key shows any trace of that key. To find the key you'll have to search through all keys on the server.
In the FAQ I'm compiling I have written this:
Why not include the whole reachable or reaching set?
One might imagine including the largest strongly connected set plus the set of keys that can reach that set. However, the advantages are very small. A key owner in that situation has probably just signed a few keys that can be used to reach the rest, and can do searches from those keys instead. Furthermore, including the reaching set will encourage people to sign a random key just to be included.
Including the reachable set is a better idea. However, due to techical reasons regarding the way the key information is extracted, that is much more complicated. The reachable set will probably be included some time in the future. As soon as anyone writes the code to do it.
I also wrote this in reply to a similar question some time ago:
Right now I start with some keys known to be in the large SCS and follow the signatures. This gives me the whole set of keys that can reach the large SCS. I then filter out just the large SCS. Getting the reachable set in a similar way would require looking at each and every key, which would be hard to do once every day. The only realistic solution I can think of right now is to look through every key once and build a database of all signatures, and each day look at all keys changed or added since the last update and update the signature database, go through all keys in the signature database to see if they are still on the key server, and lastly create a .wot file from the signature database. That would actually be quite fast. If someone implements it, I'll use it.
I haven't really thought it through though, so there might be some bug somewhere.
BTW, just a reminder to all of you: Wednesday next week is 2004-12-01, the day we will move to the new file format: http://www.lysator.liu.se/~jc/wotsap/wotfileformat-0.2.txt
Regards, Jörgen
On Mon, 22 Nov 2004, Jorgen Cederlof wrote:
Date: Mon, 22 Nov 2004 18:06:31 +0100 From: Jorgen Cederlof jc@lysator.liu.se To: Henk P. Penning henkp@cs.uu.nl Cc: wotsap-updates@lists.lysator.liu.se, Gerfried Fuchs alfie@ist.org Subject: Re: [Wotsap-updates] strong set <-> reachable set
On Mon, Nov 22, 2004 at 16:35:51 +0100, Henk P. Penning wrote:
-- you must extract the 'reachable set' anyway to compute the 'strong set' (that's true, isn't it ??)
But this is unfortunately wrong. :(
Argh ; where was my brain ?
BTW, just a reminder to all of you: Wednesday next week is 2004-12-01, the day we will move to the new file format:
Thanks for the reminder ; I did the 0.2 stuff.
I noticed the '2004-11-06.fileversion0.2.wot' contains only 23746 keys, a lot less than the 28759 we have today. Are we going to see +/- 5000 keys less in the 2004-12-01 wot ?
FYI, last weekend's "wot comparison" is mentioned here
http://www.cs.uu.nl/people/henkp/henkp/pgp/pathfinder/doc/diff.html
see under 'current version'.
Jörgen
HPP
---------------------------------------------------------------- _ Henk P. Penning, Computer Systems Group R Uithof CGN-A232 _/ _ Dept of Computer Science, Utrecht University T +31 30 253 4106 / _/ \ Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 251 3791 _/ _/ http://www.cs.uu.nl/staff/henkp.html M penning@cs.uu.nl _/
wotsap-updates@lists.lysator.liu.se
-
Henk P. Penning -
Jorgen Cederlof