The future of security

bear bear at sonic.net
Mon May 31 23:27:49 EDT 2004



On Mon, 31 May 2004, Eugen Leitl wrote:

>> The bigger problem is that webs of trust don't work.
>> They're a fine idea, but the fact is that nobody keeps
>> track of the individual trust relationships or who signed
>
>The point of an automated web of trust is that the machine is doing the
>accounting for you.

Does it?  If there were meaningful reputation accounting
happening, we'd be getting feedback and value judgements
from the system on the people we were corresponding with.
Have you ever seen any?

Has there been *ANY* instance of negative consequences
accruing to someone who signed the key of an entity which
later defected?  Machine-moderated or not, the web of
trust fails.

Have you seen any web-of-trust implementation that even
*considers* the trustworthiness of the key servers?  Have
you seen any web-of-trust implementation that works to
cut out defectors, but couldn't be "autospammed" to cut
out anyone you didn't like?

Sorry; but the fact is no web-of-trust implementation to
date works, or even comes close to working.

				Bear

---------------------------------------------------------------------
The Cryptography Mailing List