Keyservers and Spam

Pat Farrell pfarrell at pfarrell.com
Fri Jun 13 17:35:17 EDT 2003


At 11:56 AM 6/13/2003 -0400, John Kelsey wrote:
>At 10:27 AM 6/11/03 -0700, bear wrote:
>>That is the theory.  In practice, as long as the PGP "web of trust"
>
>The thing that strikes me is that the PGP web of trust idea is appropriate 
>for very close-knit communities, where reputations matter and people 
>mostly know one another.  A key signed by Carl Ellison or Jon Callas 
>actually means something to me, because I know those people.  But 
>transitive trust is just always a slippery and unsatisfactory sort of thing--

I may have missed it, but I thought that the web-o-trust model of PGP has
generally been dismissed by the crypto community
precisely because trust is not transitive.

Similarly, the tree-structured, hierarchical trust model has failed;
we currently have a one-level, not very trusted model with Verisign
or Thawte or yourself at the top.

I know from discussions with some of the SPKI folks that encouraging
self-defined trust trees was one of the goals.

Of course, if the size of the tree is small enough, you can just
use shared secrets.

Pat


Pat Farrell                     pfarrell at pfarrell.com
http://www.pfarrell.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


