At 11:56 AM 6/13/2003 -0400, John Kelsey wrote:
At 10:27 AM 6/11/03 -0700, bear wrote:
That is the theory. In practice, as long as the PGP "web of trust"

The thing that strikes me is that the PGP web of trust idea is appropriate for very close-knit communities, where reputations matter and people mostly know one another. A key signed by Carl Ellison or Jon Callas actually means something to me, because I know those people. But transitive trust is just always a slippery and unsatisfactory sort of thing--

I may have missed it, but I thought that the web-o-trust model of PGP has generally been dismissed by the crypto community precisely because trust is not transitive.

Similarly, the tree structured, hierarchical trust model has failed,
we currently have a one level, not very trusted model with Verisign
or Thawte or yourself at the top.

I know from discussions with some of the SPKI folks that encouraging
self defined trust trees was one of the goals.

Of course, if the size of the tree is small enough, you can just
use shared secrets.

Pat


Pat Farrell [EMAIL PROTECTED] http://www.pfarrell.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to