Keyservers and Spam
John Kelsey
kelsey.j at ix.netcom.com
Fri Jun 13 11:56:49 EDT 2003
At 10:27 AM 6/11/03 -0700, bear wrote:
...
>That is the theory. In practice, as long as the PGP "web of trust"
>depends on connections made through signers not personally known to
>the person depending on the security, it hardly works. There is
>very little verification done in the web of trust, not even for
>consistency. There's no way for it to propagate negative information,
>(such as Bob's mention of having observed Alice verifying keys to
>people not known to her) nor, where nyms are easy to come by, any
>way for negative information to attach to a given person.
The thing that strikes me is that the PGP web of trust idea is appropriate
for very close-knit communities, where reputations matter and people mostly
know one another. A key signed by Carl Ellison or Jon Callas actually
means something to me, because I know those people. But transitive trust
is just always a slippery and unsatisfactory sort of thing--the fact that
Jon Callas trusts Fred Smith trusts John Jones to sign a key doesn' t
really tell me whether or not I should trust him--by the time we're about
three hops away, you'd have to be God to know enough to have your signature
mean anything.
>I don't particularly like the commercial certs, but the thousand
>bucks or so ought to serve as a "bond", in that if people untrust
>the keys, there is real value that will be lost. That makes it
>require some expenditure of resources to grab a new nym. However,
>even when provoked - even when root certs have been **SOLD** -
>people still don't untrust them, because the news of the compromise
>doesn't propagate around triggering revokes on individual systems.
A bigger issue is that there's usually no practical way to deal with
revoking a root key in a PKI, even if there are technical mechanisms to do
so. "And then you go out of business" is almost as unsatisfactory a
protocol step as "And then you go to jail."
> Bear
--John Kelsey, kelsey.j at ix.netcom.com
PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list