%0 Conference Proceedings
%T Progression and Forecast of a Curated Web-of-Trust: A Study on the Debian Project’s Cryptographic Keyring
%+ Universidad Nacional Autónoma de México = National Autonomous University of Mexico (UNAM)
%A Wolf, Gunnar
%A González Quiroga, Víctor
%Z Part 4: Case Studies
%< avec comité de lecture
%( IFIP Advances in Information and Communication Technology
%B 13th IFIP International Conference on Open Source Systems (OSS)
%C Buenos Aires, Argentina
%Y Federico Balaguer
%Y Roberto Di Cosmo
%Y Alejandra Garrido
%Y Fabio Kon
%Y Gregorio Robles
%Y Stefano Zacchiroli
%I Springer International Publishing
%3 Open Source Systems: Towards Robust Practices
%V AICT-496
%P 117-127
%8 2017-05-22
%D 2017
%R 10.1007/978-3-319-57735-7_12
%K Trust management
%K Cryptography
%K Keyring
%K Survival
%K Aging
%K curated Web of Trust
%Z Computer Science [cs]Conference papers
%X The Debian project is one of the largest free software undertakings worldwide. It is geographically distributed, and participation in the project is done on a voluntary basis, without a single formal employee or directly funded person. As we will explain, due to the nature of the project, its authentication needs are very strict—User/password schemes are way surpassed, and centralized trust management schemes such as PKI are not compatible with its distributed and flat organization; fully decentralized schemes such as the PGP Web of Trust are insuficient by themselves. The Debian project has solved this need by using what we termed a “curated Web of Trust”.We will explain some lessons learned from a massive key migration process that was triggered in 2014. We will present the social insight we have found from examining the relationships expressed as signatures in this curated Web of Trust, some recommendations on personal key-signing policies, and a statistical study and forecast on aging, refreshment and survival of project participants stemming from an analysis on their key-handling.
%G English
%Z TC 2
%Z WG 2.13
%2 https://inria.hal.science/hal-01776318/document
%2 https://inria.hal.science/hal-01776318/file/432701_1_En_12_Chapter.pdf
%L hal-01776318
%U https://inria.hal.science/hal-01776318
%~ IFIP
%~ IFIP-AICT
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-OSS
%~ IFIP-TC2
%~ IFIP-WG2-13
%~ IFIP-AICT-496