The future of security

Eugen Leitl eugen at leitl.org
Tue Jun 1 15:30:23 EDT 2004 

On Mon, May 31, 2004 at 08:27:49PM -0700, bear wrote:

> >The point of an automated web of trust is that the machine is doing the
> >accounting for you.
> 
> Does it?  If there were meaningful reputation accounting

You got fooled by the present tense. If there was such an architecture, I
wouldn't have written that message. The distributed tamper-proof
cryptographic p2p store should have been a dead giveaway.

> happening, we'd be getting feedback and value judgements
> from the system on the people we were corresponding with.
> Have you ever seen any?

No, of course. See above.
 
> Has there been *ANY* instance of negative consequences
> accruing to someone who signed the key of an entity which
> later defected?  Machine-moderated or not, the web of
> trust fails.

The web of trust sure fails, dunno about machine-moderated. 
There's no such animal yet.
 
> Have you seen any web-of-trust implementation that even
> *considers* the trustworthiness of the key servers?  Have
> you seen any web-of-trust implementation that works to
> cut out defectors, but couldn't be "autospammed" to cut
> out anyone you didn't like?

If you don't have their key, you can't pretend to sign the spambots'. If you
sign the spambots', you burn whatever little prestige you have happened to
start out with, and drained the mana of whatever hapless warm body signed
your keys.
 
> Sorry; but the fact is no web-of-trust implementation to
> date works, or even comes close to working.

Web of trust is useless, if Johnny User is supposed to do 
the checking.

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20040601/77df652e/attachment.pgp>

More information about the cryptography mailing list