Keysigning @ CFP2003

bear bear at sonic.net
Tue Mar 25 12:25:57 EST 2003



On Tue, 25 Mar 2003, Matt Crawford wrote:

>Has anyone ever weighted a PGP key's certification value as a
>function of how many keys it's know to have certified?

An interesting idea: At one extreme you could view the whole
universe as having a finite amount of trust and every
certification is a transfer of some trust from one person to
another. But then companies like verisign, after the first
thousand or so certs,  would have nothing left to sell.

At the other,  you could view verisign as providing a fairly
reliable indication, not necessarily of who X is, but certainly
of the fact that somebody was willing to spend thousands of
dollars to claim to be X and the financial records are on file
if you absolutely need to figure out who that was, so they
"create" trust in a way that most keysigners don't.

Neither model is perfect, but the latter one seems to have more
appeal to people in protecting financial transactions and the
former to people who are more concerned about personal privacy.

				Bear


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



More information about the cryptography mailing list