Insights on the large-scale deployment of a curated Web-of-Trust: the Debian project’s cryptographic keyring
Abstract The Debian project is one of the largest free software undertakings worldwide. It is geographically distributed, and participation in the project is done on a voluntary basis, without a single formal employee or directly funded person. As we will explain, due to the nature of the project, i...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Brazilian Computing Society (SBC)
2018-05-01
|
| Series: | Journal of Internet Services and Applications |
| Subjects: | |
| Online Access: | http://link.springer.com/article/10.1186/s13174-018-0082-7 |
| _version_ | 1819025647026044928 |
|---|---|
| author | Gunnar Wolf Víctor González Quiroga |
| author_facet | Gunnar Wolf Víctor González Quiroga |
| author_sort | Gunnar Wolf |
| collection | DOAJ |
| description | Abstract The Debian project is one of the largest free software undertakings worldwide. It is geographically distributed, and participation in the project is done on a voluntary basis, without a single formal employee or directly funded person. As we will explain, due to the nature of the project, its authentication needs are very strict - User/password schemes are way surpassed, and centralized trust management schemes such as PKI are not compatible with its distributed and flat organization; fully decentralized schemes such as the OpenPGP Web of Trust are insufficient by themselves. The Debian project has solved this need by using what we termed a “curated Web of Trust”. We will explain some lessons learned from a massive key migration process that was triggered in 2014. We will present the social insight we have found from examining the relationships expressed as signatures in this curated Web of Trust, as well as a statistical study and forecast on aging, refreshment and survival of project participants stemming from an analysis on their key’s activity within the keyring. |
| first_indexed | 2024-12-21T05:14:00Z |
| format | Article |
| id | doaj.art-d6a01211777d4531b8380223c50a8214 |
| institution | Directory Open Access Journal |
| issn | 1867-4828 1869-0238 |
| language | English |
| last_indexed | 2024-12-21T05:14:00Z |
| publishDate | 2018-05-01 |
| publisher | Brazilian Computing Society (SBC) |
| record_format | Article |
| series | Journal of Internet Services and Applications |
| spelling | doaj.art-d6a01211777d4531b8380223c50a82142022-12-21T19:14:58ZengBrazilian Computing Society (SBC)Journal of Internet Services and Applications1867-48281869-02382018-05-019111210.1186/s13174-018-0082-7Insights on the large-scale deployment of a curated Web-of-Trust: the Debian project’s cryptographic keyringGunnar Wolf0Víctor González Quiroga1Instituto de Investigaciones Económicas, Universidad Nacional Autónoma de MéxicoFacultad de Ciencias, Universidad Nacional Autónoma de MéxicoAbstract The Debian project is one of the largest free software undertakings worldwide. It is geographically distributed, and participation in the project is done on a voluntary basis, without a single formal employee or directly funded person. As we will explain, due to the nature of the project, its authentication needs are very strict - User/password schemes are way surpassed, and centralized trust management schemes such as PKI are not compatible with its distributed and flat organization; fully decentralized schemes such as the OpenPGP Web of Trust are insufficient by themselves. The Debian project has solved this need by using what we termed a “curated Web of Trust”. We will explain some lessons learned from a massive key migration process that was triggered in 2014. We will present the social insight we have found from examining the relationships expressed as signatures in this curated Web of Trust, as well as a statistical study and forecast on aging, refreshment and survival of project participants stemming from an analysis on their key’s activity within the keyring.http://link.springer.com/article/10.1186/s13174-018-0082-7Trust managementCryptographyKeyringSurvivalAgingCurated web of trust |
| spellingShingle | Gunnar Wolf Víctor González Quiroga Insights on the large-scale deployment of a curated Web-of-Trust: the Debian project’s cryptographic keyring Journal of Internet Services and Applications Trust management Cryptography Keyring Survival Aging Curated web of trust |
| title | Insights on the large-scale deployment of a curated Web-of-Trust: the Debian project’s cryptographic keyring |
| title_full | Insights on the large-scale deployment of a curated Web-of-Trust: the Debian project’s cryptographic keyring |
| title_fullStr | Insights on the large-scale deployment of a curated Web-of-Trust: the Debian project’s cryptographic keyring |
| title_full_unstemmed | Insights on the large-scale deployment of a curated Web-of-Trust: the Debian project’s cryptographic keyring |
| title_short | Insights on the large-scale deployment of a curated Web-of-Trust: the Debian project’s cryptographic keyring |
| title_sort | insights on the large scale deployment of a curated web of trust the debian project s cryptographic keyring |
| topic | Trust management Cryptography Keyring Survival Aging Curated web of trust |
| url | http://link.springer.com/article/10.1186/s13174-018-0082-7 |
| work_keys_str_mv | AT gunnarwolf insightsonthelargescaledeploymentofacuratedweboftrustthedebianprojectscryptographickeyring AT victorgonzalezquiroga insightsonthelargescaledeploymentofacuratedweboftrustthedebianprojectscryptographickeyring |