X.509 / PKI, PGP, and IBE Secure Email Technologies
Ed Gerck
edgerck at nma.com
Fri Dec 16 13:11:28 EST 2005
James A. Donald wrote:
> --
> From: Werner Koch <wk at gnupg.org>
>> You need to clarify the trust model. The OpenPGP
>> standard does not define any trust model at all. The
>> standard merely defines features useful to implement a
>> trust model.
>
> "Clarifying the trust model" sounds suspiciously like
> designers telling customers to conform to designer
> procedures. This has not had much success in the past.
>
> People using PGP in practice verify keys out of band,
> not through web of trust.

James,

Yes. Your observation on out-of-band PGP key verification
is very important and actually exemplifies what Werner
wrote. Exactly because there's no trust model defined
a priori, users can choose the model they want including
one-on-one trust.

This is important because it eliminates the need for a
common root of trust -- with a significant usability
improvement.

If the web of trust is used, the sender and recipient must
a priori trust each other's key signers, requiring a
common root of trust -- that may not even exist to begin
with.

So, instead of worrying about what trust model PGP uses,
the answer is that you can use any trust model you want --
including a hierarchical trust model as used with X.509.

Jon Callas and I had several conversations on trust in
May '97, when Jon visited me for two weeks while I was
in Brazil at the time, I think before the OpenPGP WG was
even working on these issues. This is one of the comments
Jon wrote in a listserv then, with a great insight that
might be useful today:

As I understand it, then, I've been thinking about some
of the wrong issues. For example, I have been wondering
about how exactly the trust model works, and what trust
model can possibly do all the things Dr Gerck is claiming.
I think my confusion comes from my asking the wrong
question. The real answer seems to be, 'what trust model
would you like?' There is a built in notion (the
'archetypical model' in the abstract class) of the meta-
rules that a trust model has to follow, but I might buy a
trust model from someone and add that, design my own, or
even augment one I bought. Thus, I can ask for a
fingerprint and check it against the FBI, Scotland Yard,
and Sûreté databases, check their PGP key to make sure
that it was signed by Mother Theresa, ask for a letter of
recommendation from either the Pope or the Dalai Lama
(except during Ramadan, when only approval by the Taliban
will do), and then reject them out of hand if I haven't had
my second cup of coffee.

Cheers,
Ed Gerck
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com