[Cryptography] How to build trust in crypto
Ralf Senderek
crypto at senderek.ie
Tue Mar 18 16:03:35 EDT 2014
On Tue, 18 Mar 2014, Bear wrote:
> Bruce's point there is "Trust is not Transitive." It's a
> fundamental flaw in every business-oriented key infrastructure
> so far enacted. There is a problem in associating such keys
> with official identity, but they are not entirely useless in
> the absence of an automated universal way to do so.
[...]
> So anyway, it isn't quite right to claim that keys are
> entirely useless in the absence of an infrastructure to
> automatically establish correspondence to official
> identities.
Not for a second did I claim this, you're missing the point I made.
I stressed the point that the value of a key originates in its
context that I can verify. Your examples are very much valid when I
have other objections than reaching Bruce (the man himself) in a
secure way. I used this case to point out a real deficiency of the
proposed "trust model" that tries to create secure communication
without context. This is impossible if the objective is to get a
secure channel to the one intended recipient.
There are of course other objectives in which trust is less important
and anonymity matters, but only with anonymity and without context
we're not getting what we need most, trusted, secure communication.
And the UI you are referring to is part of it.
--ralf
More information about the cryptography
mailing list