hello all
I have an objection in the model of the web of trust that Ucoin follows.
I think the web of trust should be done into the level of assemblies , and not into the level of individuals. Or at least you should support both models.
We can solve the problem of trust and the problem on “one person-one public key” in Ucoin, with assemblies. Credentials should not be produced of course by a central authority, but in a decentralized way.
The procedure is simple.
We give the specifications of the credentials, and every Ucoin member creates a pair of public and private keys in his/her home and print the public one (print it in QR code is preferable). Then a Ucoin assembly takes place, and behind the polling both people put the printed public key into an envelope, then they put the envelope into a physical ballot box. Then the ballot box opens, the public keys are scanned, and a committee announces a list of valid public keys. Everyone confirms that his/her public key is inside the list, whithout of course revealing what the key is.
Those public keys are anonymoys now, and can be used for anonymous ucoin money until the next cryptoparty, where the above explained procedure will be repeated. We have to repeat cryptoparties once in a while (every 4 years?), because it is possible for some people to lose their credentials, for whatever reason.
The first assembly should elect at least one trusted representative, that must observe any next assembly and confirm that the exchange of the keys in the cryptoparty took place in a correct manner (means ensuring that no person can have 2 keys). The second assembly will also elect at least one trusted observer to inspect the next assemblies, and so on…
Alternatively if we dont want to elect representatives designated to observe any following assembly (it is a hard work, isnt it?), then all the cryptoparty Ucoin assemblies should take place the same day and time (it is impossible for a person to be in two places at the same time!). Of course in the case of concurrent assemblies, in every assembly at least one person should participate that he/she is sent (as a trusted one) by each of all the other assemblies (without of course having already apply anywhere credentials, by no means! The envoy should apply credentials only at the place of dispatch, otherwise the “one person-one credential” rule is abused)
**This is the model Ucoin should follow. **
TRUST AMONG ASSEMBLIES AND NOT TRUST AMONG INDIVIDUALS.
Or at least you should support both models.
Technical suggestion:
With a few changes in the code we could make for every individual of the web of trust to be able to have multiple public keys instead of having just one public key. And of course every public key will receive the Universal Dividend. That way the Ucoin individual is transformed as equivalant to an assembly with a list of public keys. That way you can support in Ucoin both models, and the model of individual trust and the model of assemblies trust. And let the community to decide in what mode they will run the Ucoin software, in the individual mode or in the assembly one.