The future of security

bear bear at
Sun May 30 15:36:53 EDT 2004

On Sat, 29 May 2004, Russell Nelson wrote:

>Eugen Leitl writes:
> > If I'm a node in a web of trust (FOAF is a human), prestige will
> > percolate through it completely. That way I can color a whole
> > domain with a nonboolean trust hue, while a domain of fakers will
> > have only very few connections (through compromises, or human
> > mistakes), which will rapidly sealed, once actually used to do
> > something to lower their prestige ("I signed the key of a spammer,
> > please kill me now").
>The trouble is that it requires human action, which is expensive and
>becoming more expensive.

The bigger problem is that webs of trust don't work.
They're a fine idea, but the fact is that nobody keeps
track of the individual trust relationships or who signed
a key;  few people even bother to find out whether there's
a path of signers that leads from them to another person,
or whether the path has some reasonably small distance.

I have not yet seen an example of "reputation" favoring
one person over another in a web of trust model; it looks
like people can't be bothered to keep track of the trust
relationships or reputations within the web.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list