And I get to sit in the middle, like a fat spider in a web, and all your secrets belong to me.
Now, the easiest way to fix this is to really widely advertise your public key. If it’s
There’s a cheaper way of fixing man-in-the-middle: the web of trust. Say that before you leave HQ, you and your bosses sit down over coffee and actually tell each other your keys. No more man-in-the-middle! You’re absolutely certain whose keys you have, because they were put into your own hands.
So far, so good. But there’s a natural limit to this: how many people can you physically meet with and swap keys? How many hours in the day do you want to devote to the equivalent of writing your own phone book? How many of those people are willing to devote that kind of time to you?
Thinking about this like a phonebook helps. The world was once a place with a lot of phonebooks, and when you needed a number, you could look it up in the book. But for many of the numbers that you wanted to refer to on a given day, you would either know it by heart, or you’d be able to ask someone else. Even today, when I’m out with my cell-phone, I’ll ask Jolu or Darryl if they have a number I’m looking for. It’s faster and easier than looking it up online and they’re more reliable, too. If Jolu has a number, I trust him, so I trust the number, too. That’s called “transitive trust” — trust that moves across the web of our relationships.
A web of trust is a bigger version of this. Say I meet Jolu and get his key. I can put it on my “keyring” — a list of keys that I’ve signed with my private key. That means you can unlock it with my public key and know for sure that me — or someone with my key, anyway — says that “this key belongs to this guy.”
So I hand you my keyring and provided that you trust me to have actually met and verified all the keys on it, you can take it and add it to your keyring. Now, you meet someone else and you hand the whole ring to him. Bigger and bigger the ring grows, and provided that you trust the next guy in the chain, and he trusts the next guy in his chain and so on, you’re pretty secure.
Which brings me to keysigning parties. These are
So that’s why web of trust and parties go together like peanut butter and chocolate.
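The keyring and transitive trust described above, as an added example (not from the novel), in Go with Ed25519: each entry on the ring is a name-to-key claim signed with the certifier's private key, and trust is resolved outward from the one key that was handed over in person. The names, keys and the forged vouch are constructed for this scenario.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Cert is one keyring entry: Signer's private key signs the claim "Key belongs to Name".
type Cert struct {
	Signer, Name string
	Key          ed25519.PublicKey
	Sig          []byte
}

// Certify is "signing a key onto your keyring"; the signed bytes bind name to key, so one vouch cannot be reused for another name.
func Certify(signer string, priv ed25519.PrivateKey, name string, key ed25519.PublicKey) Cert {
	return Cert{signer, name, key, ed25519.Sign(priv, append([]byte(name+":"), key...))}
}

// ResolveTrust accepts a cert only when its signer is already trusted and the signature verifies under that signer's key.
func ResolveTrust(seedName string, seedKey ed25519.PublicKey, ring []Cert) map[string]ed25519.PublicKey {
	trusted := map[string]ed25519.PublicKey{seedName: seedKey} // the one key handed over in person
	for changed := true; changed; { // repeat until no new key can be added (transitive closure)
		changed = false
		for _, c := range ring {
			sk, ok := trusted[c.Signer] // nil check below: a name once bound is never rebound
			if ok && trusted[c.Name] == nil && ed25519.Verify(sk, append([]byte(c.Name+":"), c.Key...), c.Sig) {
				trusted[c.Name], changed = c.Key, true
			}
		}
	}
	return trusted
}

// Demo is a constructed scenario: Marcus met only Jolu in person; Jolu met Darryl; Darryl met Van.
func Demo() (nTrusted int, vanIsReal bool) {
	joluPub, joluPriv, _ := ed25519.GenerateKey(rand.Reader)
	darrylPub, darrylPriv, _ := ed25519.GenerateKey(rand.Reader)
	vanPub, _, _ := ed25519.GenerateKey(rand.Reader)
	fakePub, fakePriv, _ := ed25519.GenerateKey(rand.Reader) // man in the middle: a key nobody verified
	ring := []Cert{
		Certify("Darryl", fakePriv, "Van", fakePub), // forged in Darryl's name: fails under Darryl's real key
		Certify("Jolu", joluPriv, "Darryl", darrylPub),
		Certify("Darryl", darrylPriv, "Van", vanPub),
	}
	trusted := ResolveTrust("Jolu", joluPub, ring)
	return len(trusted), trusted["Van"].Equal(vanPub)
}
func main() { fmt.Println(Demo()) } // 3 true
```

The forged entry is dropped because the only "Darryl" key Marcus trusts is the one Jolu vouched for, and the impostor's signature does not verify under it.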
“Just tell them it’s a super-private party, invitational only,” I said. “Tell them not to bring anyone along or they won’t be admitted.”
Jolu looked at me over his coffee. “You’re joking, right? You tell people that, and they’ll bring
“Argh,” I said. I spent a night a week at Jolu’s these days, keeping the code up to date on indienet. Pigspleen actually paid me a non-zero sum of money to do this, which was really weird. I never thought I’d be paid to write code.
“So what do we do? We only want people we really trust there, and we don’t want to mention why until we’ve got everyone’s keys and can send them messages in secret.”
Jolu debugged and I watched over his shoulder. This used to be called “extreme programming,” which was a little embarrassing. Now we just call it “programming.” Two people are much better at spotting bugs than one. As the cliché goes, “With enough eyeballs, all bugs are shallow.”
We were working our way through the bug reports and getting ready to push out the new rev. It all auto-updated in the background, so our users didn’t really need to do anything, they just woke up once a week or so with a better program. It was pretty freaky to know that the code I wrote would be used by hundreds of thousands of people,
“What do we do? Man, I don’t know. I think we just have to live with it.”
I thought back to our Harajuku Fun Madness days. There were lots of social challenges involving large groups of people as part of that game.
“OK, you’re right. But let’s at least try to keep this secret. Tell them that they can bring a maximum of one person, and it has to be someone they’ve known personally for a minimum of five years.”
Jolu looked up from the screen. “Hey,” he said. “Hey, that would totally work. I can really see it. I mean, if you told me not to bring anyone, I’d be all, ‘Who the hell does he think he is?’ But when you put it that way, it sounds like some awesome 007 stuff.”
I found a bug. We drank some coffee. I went home and played a little Clockwork Plunder, trying not to think about key-winders with nosy questions, and slept like a baby.
Sutro baths are San Francisco’s authentic fake Roman ruins. When it opened in 1896, it was the largest indoor bathing house in the world, a huge Victorian glass solarium filled with pools and tubs and even an early water slide. It went downhill by the fifties, and the owners torched it for the insurance in 1966. All that’s left is a labyrinth of weathered stone set into the sere cliff-face at Ocean Beach. It looks for all the world like a Roman ruin, crumbled and mysterious, and just beyond them is a set of caves that let out into the sea. In rough tides, the waves rush through the caves and over the ruins — they’ve even been known to suck in and drown the occasional tourist.
Ocean Beach is way out past Golden Gate park, a stark cliff lined with expensive, doomed houses, plunging down to a narrow beach studded with jellyfish and brave (insane) surfers. There’s a giant white rock that juts out of the shallows off the shore. That’s called Seal Rock, and it used to be the place where the sea lions congregated until they were relocated to the more tourist-friendly environs of Fisherman’s Wharf.
After dark, there’s hardly anyone out there. It gets very cold, with a salt spray that’ll soak you to your bones if you let it. The rocks are sharp and there’s broken glass and the occasional junkie needle.
It is an awesome place for a party.
Bringing along the tarpaulins and chemical glove-warmers was my idea. Jolu figured out where to get the beer — his older brother, Javier, had a buddy who actually operated a whole underage drinking service: pay him enough