Keyservers and Spam

John Kelsey kelsey.j at ix.netcom.com
Fri Jun 13 11:56:49 EDT 2003


At 10:27 AM 6/11/03 -0700, bear wrote:
...
>That is the theory.  In practice, as long as the PGP "web of trust"
>depends on connections made through signers not personally known to
>the person depending on the security, it hardly works.  There is
>very little verification done in the web of trust, not even for
>consistency.  There's no way for it to propagate negative information,
>(such as Bob's mention of having observed Alice verifying keys to
>people not known to her) nor, where nyms are easy to come by, any
>way for negative information to attach to a given person.

The thing that strikes me is that the PGP web of trust idea is appropriate 
for very close-knit communities, where reputations matter and people mostly 
know one another.  A key signed by Carl Ellison or Jon Callas actually 
means something to me, because I know those people.  But transitive trust 
is just always a slippery and unsatisfactory sort of thing--the fact that 
Jon Callas trusts Fred Smith trusts John Jones to sign a key doesn' t 
really tell me whether or not I should trust him--by the time we're about 
three hops away, you'd have to be God to know enough to have your signature 
mean anything.

>I don't particularly like the commercial certs, but the thousand
>bucks or so ought to serve as a "bond", in that if people untrust
>the keys, there is real value that will be lost.  That makes it
>require some expenditure of resources to grab a new nym.  However,
>even when provoked - even when root certs have been **SOLD** -
>people still don't untrust them, because the news of the compromise
>doesn't propagate around triggering revokes on individual systems.

A bigger issue is that there's usually no practical way to deal with 
revoking a root key in a PKI, even if there are technical mechanisms to do 
so.  "And then you go out of business" is almost as unsatisfactory a 
protocol step as "And then you go to jail."

>                                 Bear

--John Kelsey, kelsey.j at ix.netcom.com
PGP: FA48 3237 9AD5 30AC EEDD  BBC8 2A80 6948 4CAA F259



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list