Keyservers and Spam
Bill Frantz
frantz at pwpconsult.com
Fri Jun 13 18:41:29 EDT 2003
At 2:35 PM -0700 6/13/03, Pat Farrell wrote:
>At 11:56 AM 6/13/2003 -0400, John Kelsey wrote:
>>At 10:27 AM 6/11/03 -0700, bear wrote:
>>>That is the theory. In practice, as long as the PGP "web of trust"
>>
>>The thing that strikes me is that the PGP web of trust idea is appropriate
>>for very close-knit communities, where reputations matter and people
>>mostly know one another. A key signed by Carl Ellison or Jon Callas
>>actually means something to me, because I know those people. But
>>transitive trust is just always a slippery and unsatisfactory sort of thing--
>
>I may have missed it, but I thought that the web-o-trust model of PGP has
>generally been dismissed by the crypto community
>precisely because trust is not transitive.
>
>Similarly, the tree structured, hierarchical trust model has failed,
>we currently have a one level, not very trusted model with Verisign
>or Thawte or yourself at the top.
>
>I know from discussions with some of the SPKI folks that encouraging
>self defined trust trees was one of the goals.
>
>Of course, if the size of the tree is small enough, you can just
>use shared secrets.
The HighFire project at Cryptorights
<http://www.cryptorights.org/research/highfire/> is planning on building a
"web of trust" rooted in the NGOs who will be using the system. Each NGO
will have a signing key. A NGO will sign the keys of the people working
for it. In this manner, we have way of saying, "The John Jones who works
for Amnesty International". A NGO may decide to sign another NGO's signing
key. Now we have a way to say to someone in Amnesty, "Send a message to
Steve Smith in Médecins Sans Frontières." The plan is to show the trust
relationship in the UI as a path of keys.
I would appreciate your comments.
Cheers - Bill
-------------------------------------------------------------------------
Bill Frantz | "A Jobless Recovery is | Periwinkle -- Consulting
(408)356-8506 | like a Breadless Sand- | 16345 Englewood Ave.
frantz at pwpconsult.com | wich." -- Steve Schear | Los Gatos, CA 95032, USA
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list