by purplehat_
20 days ago
The first bit seems possibly solvable with private set intersection. You can publish a salted hash of everybody you trust, and I can compute hashes of everyone I trust with your salt to see if we have anyone in common. Then I check the signature corresponding to the salted hash I like, and hopefully it doesn't reveal anything you don't want to reveal. I don't know if anyone has actually done this in practice. Does it work?
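The salted-hash exchange proposed in the comment above, as an added example that is not part of the original thread. The fingerprints are constructed and the function names are hypothetical; the block also runs the same check from an outsider who holds a list of candidate fingerprints, because the salt is public and key fingerprints are enumerable.

```python
import hashlib
import secrets


def fake_fp(name: str) -> str:
    """Constructed 40-hex-digit stand-in for a key fingerprint (not a real key)."""
    return hashlib.sha1(name.encode()).hexdigest().upper()


def blind(salt: bytes, fingerprint: str) -> str:
    """Salted hash of one fingerprint, as the publisher would list it."""
    normalized = fingerprint.replace(" ", "").upper().encode()
    return hashlib.sha256(salt + normalized).hexdigest()


def publish(trusted: set[str]) -> tuple[bytes, set[str]]:
    """Publisher side: a fresh random salt plus the blinded trust set."""
    salt = secrets.token_bytes(16)
    return salt, {blind(salt, fp) for fp in trusted}


def common_keys(salt: bytes, published: set[str], candidates: set[str]) -> set[str]:
    """Checker side: re-hash candidate fingerprints with the published salt."""
    return {fp for fp in candidates if blind(salt, fp) in published}


def demo():
    alice = {fake_fp(n) for n in ("carol", "dave", "erin")}
    bob = {fake_fp(n) for n in ("dave", "frank")}
    salt, published = publish(alice)

    # Intended use: Bob learns which of his own trusted keys Alice also trusts.
    shared = common_keys(salt, published, bob)

    # Same check run by an outsider holding a candidate list, for example
    # every fingerprint on a public keyserver (constructed here). The salt
    # stops precomputed tables, not this per-candidate membership test.
    directory = {fake_fp(n) for n in ("carol", "dave", "erin", "frank", "grace")}
    recovered = common_keys(salt, published, directory)
    return alice, shared, recovered


if __name__ == "__main__":
    alice, shared, recovered = demo()
    print("shared with Bob:", len(shared))
    print("recovered by outsider:", len(recovered), "of", len(alice))
```
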
It is pretty useful for someone totally outside the trust graph to be able to prove the key that just signed the latest release of stagex is only a couple steps away from the keys that sign debian and the Linux kernel. Keys that long predate AI.
Public trust accountability is exactly what we want from people responsible for the legos that make up the internet.
You can of course have private signature packets revealed as needed though.