[Cryptography] PGP Key Signing parties (Trust Link Grid)

Phillip Hallam-Baker hallam at gmail.com
Sat Nov 2 12:28:13 EDT 2013


On Sat, Nov 2, 2013 at 11:30 AM, Ralf Senderek <crypto at senderek.ie> wrote:

> On 1 Nov 2013 ianG wrote:
>
>> Let me talk a bit about CAcert and perhaps other CAs as it presents an
>> illuminating counterpoint.  CAcert provides that as a network of Assurers.
>> There are thousands of them across the planet, with about a third
>> concentrated in the Germanic belt of countries.
>
> I can understand that you confront my proposal with the established
> CA-model of hierarchical key verification. But my proposal does not intend
> to provide what CAcert does.
>

I think that is an unhelpful way to approach the problem. Peer endorsements
and CA endorsements have different effects. Limiting the design to one or
the other is unnecessary.

We don't need to limit ourselves to one approach. A pure peer endorsement
scheme has the problem that none of the links are grounded. I can generate
a large web of trust with 10,000 users in a few hours on one PC.

A pure CA endorsement scheme has the problem that the CA has no personal
knowledge of the subject and can only attest to a process, usually limited
to checking government issued documents.


Combine the two and you can create a mechanism that has a higher work
factor for an attacker than either model on its own. And it then becomes
possible to trust keys from the other side of the world or people that you
have never met.

-- 
Website: http://hallambaker.com/
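
The following is an added example, not part of the original message: one way a verifier could evaluate peer endorsements so that they only count when grounded in a CA endorsement. The acceptance rule (at least `min_anchors` CA-endorsed keys within `max_hops` peer signatures), the function names and the sample graph are all assumptions made for illustration; the message does not specify how the two models are combined.

```python
from collections import deque

def peer_endorsers(target, peer_sigs):
    """Pure peer metric: number of distinct keys that signed target."""
    return len({signer for signer, subject in peer_sigs if subject == target})

def grounded_anchors(target, peer_sigs, ca_endorsed, max_hops=3):
    """CA-endorsed keys that reach target through at most max_hops
    peer signatures, found by walking the signatures backwards."""
    signers_of = {}
    for signer, subject in peer_sigs:
        signers_of.setdefault(subject, set()).add(signer)
    seen, anchors = {target}, set()
    queue = deque([(target, 0)])
    while queue:
        key, hops = queue.popleft()
        if hops == max_hops:
            continue  # do not look further back than the hop limit
        for signer in signers_of.get(key, ()):
            if signer in seen:
                continue
            seen.add(signer)
            if signer in ca_endorsed:
                anchors.add(signer)
            queue.append((signer, hops + 1))
    return anchors

def accept(target, peer_sigs, ca_endorsed, min_anchors=2, max_hops=3):
    """Assumed combined policy: peer links count only when they lead
    back to enough independently CA-endorsed keys."""
    found = grounded_anchors(target, peer_sigs, ca_endorsed, max_hops)
    return len(found) >= min_anchors

def sample_graph(n_ungrounded=10_000):
    """Constructed data: a small grounded group plus a large web of
    keys that endorse each other but have no CA endorsement."""
    sigs = [("carol", "bob"), ("dave", "bob"), ("bob", "frank")]
    ring = [f"k{i}" for i in range(n_ungrounded)]
    for i, key in enumerate(ring):
        sigs.append((key, ring[(i + 1) % n_ungrounded]))
        sigs.append((key, "target-x"))
    return sigs, {"carol", "dave"}  # (signer, subject) pairs, CA-endorsed keys

if __name__ == "__main__":
    sigs, ca = sample_graph()
    for key in ("bob", "frank", "target-x"):
        print(key, peer_endorsers(key, sigs),
              sorted(grounded_anchors(key, sigs, ca)), accept(key, sigs, ca))
```

In the constructed graph, `target-x` has 10,000 peer signatures and is still rejected because none of them leads back to a CA-endorsed key, while `bob` is accepted with only two.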