James A. Donald wrote:
> From: Werner Koch <[EMAIL PROTECTED]>
> > You need to clarify the trust model.  The OpenPGP
> > standard does not define any trust model at all.  The
> > standard merely defines features useful to implement a
> > trust model.
>
> "Clarifying the trust model" sounds suspiciously like
> designers telling customers to conform to designer
> procedures.  This has not had much success in the past.
>
> People using PGP in practice verify keys out of band,
> not through web of trust.


Yes. Your observation on out-of-band PGP key verification
is very important and actually exemplifies what Werner
wrote. Exactly because there's no trust model defined
a priori, users can choose the model they want including
one-on-one trust.

This is important because it eliminates the need for a
common root of trust -- with a significant usability

If the web of trust is used, the sender and recipient must
a priori trust each other's key signers, requiring a
common root of trust -- that may not even exist to begin

So, instead of worrying about what trust model PGP uses,
the answer is that you can use any trust model you want --
including a hierarchical trust model as used with X.509.

Jon Callas and I had several conversations on trust in
May '97, when Jon visited me for two weeks while I was
in Brazil at the time, I think before the OpenPGP WG was
even working on these issues. This is one of the comments
Jon wrote in a listserv then, with a great insight that
might be useful today:

  As I understand it, then, I've been thinking about some
  of the wrong issues. For example, I have been wondering
  about how exactly the trust model works, and what trust
  model can possibly do all the things Dr Gerck is claiming.
  I think my confusion comes from my asking the wrong
  question. The real answer seems to be, 'what trust model
  would you like?' There is a built in notion (the
  'archetypical model' in the abstract class) of the meta-
  rules that a trust model has to follow, but I might buy a
  trust model from someone and add that, design my own, or
  even augment one I bought. Thus, I can ask for a
  fingerprint and check it against the FBI, Scotland Yard,
  and Sûreté databases, check their PGP key to make sure
  that it was signed by Mother Theresa, ask for a letter of
  recommendation from either the Pope or the Dalai Lama
  (except during Ramadan, when only approval by the Taliban
  will do), and then reject them out of hand if I haven't had
  my second cup of coffee.

Ed Gerck
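
The "what trust model would you like?" point above can be made concrete in code. The following is an added example, not code from this thread or from any OpenPGP implementation: it computes a real OpenPGP v4 key fingerprint (SHA-1 over 0x99, the two-octet body length and the public-key packet body, per RFC 4880) and then treats "trust model" as a pluggable policy function over keys. Three policies are shown side by side, namely out-of-band fingerprint comparison (one-on-one trust, as James describes), a web-of-trust rule (accept when enough of my chosen introducers have certified the key), and a hierarchical X.509-style chain to a root. The keyring, owner names, key material and the set of already-verified certifications are all constructed for the example; the RSA values are tiny placeholders and the certification signatures are assumed to have been verified elsewhere, since only the policy layer is being illustrated.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, field
from typing import Callable, Dict, Set


def mpi(n: int) -> bytes:
    """OpenPGP multiprecision integer: 2-octet bit length, then big-endian magnitude (RFC 4880 3.2)."""
    bitlen = n.bit_length()
    return struct.pack(">H", bitlen) + n.to_bytes((bitlen + 7) // 8, "big")


def v4_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet: version 4, creation time, algorithm 1 (RSA), MPIs n and e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 12.2: SHA-1 over 0x99, the 2-octet body length and the body; 40 uppercase hex digits."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def normalize(fpr: str) -> str:
    """Fingerprints read over the phone or from a business card come grouped and in any case."""
    return fpr.replace(" ", "").upper()


@dataclass
class Key:
    owner: str
    body: bytes
    # Owners whose certification signatures over this key were already verified.
    # Assumption for the example: the signature check itself happened elsewhere.
    certified_by: Set[str] = field(default_factory=set)

    @property
    def fingerprint(self) -> str:
        return v4_fingerprint(self.body)


Policy = Callable[[Key], bool]  # the "abstract class": a trust model is just a predicate over keys


def out_of_band(expected: str) -> Policy:
    """One-on-one trust: accept only if the fingerprint equals one obtained over a separate channel."""
    want = normalize(expected)
    return lambda key: hmac.compare_digest(normalize(key.fingerprint), want)


def web_of_trust(introducers: Set[str], needed: int = 1) -> Policy:
    """Accept when at least `needed` of my chosen introducers have certified the key."""
    return lambda key: len(key.certified_by & introducers) >= needed


def hierarchical(root: str, keyring: Dict[str, Key]) -> Policy:
    """X.509-style chain: accept if certified by the root, or by a key this same policy accepts."""
    def check(key: Key, seen: frozenset = frozenset()) -> bool:
        if root in key.certified_by:
            return True
        seen = seen | {key.owner}  # cycle guard: self-signed or mutually signed keys never reach the root
        return any(check(keyring[ca], seen)
                   for ca in key.certified_by if ca in keyring and ca not in seen)
    return check


def all_of(*policies: Policy) -> Policy:
    """Compose models: e.g. require both an out-of-band match and a web-of-trust certification."""
    return lambda key: all(p(key) for p in policies)


# Constructed keyring (hypothetical owners and placeholder key material).
CREATED = 864086400
KEYRING: Dict[str, Key] = {
    "werner": Key("werner", v4_public_key_body(CREATED, 0xC0FFEE, 65537), {"jon", "root-ca"}),
    "jon": Key("jon", v4_public_key_body(CREATED, 0xBEEF, 65537), {"root-ca"}),
    "alice": Key("alice", v4_public_key_body(CREATED, 0xABCDEF, 65537), {"werner"}),
    # Same RSA values as werner but a different creation time: a different key, different fingerprint.
    "mallory": Key("mallory", v4_public_key_body(CREATED + 1, 0xC0FFEE, 65537), {"mallory"}),
}


def decide(policy: Policy, keyring: Dict[str, Key] = KEYRING) -> Dict[str, bool]:
    """Apply one chosen trust model to every key and report who is accepted."""
    return {owner: policy(key) for owner, key in keyring.items()}


if __name__ == "__main__":
    fpr = KEYRING["werner"].fingerprint  # imagine this was read to you over the phone
    print("out-of-band:", decide(out_of_band(fpr)))
    print("web of trust (introducer jon):", decide(web_of_trust({"jon"})))
    print("hierarchical (root-ca):", decide(hierarchical("root-ca", KEYRING)))
```

Note that nothing above makes one model "the" PGP trust model: the same keyring yields different accepted sets depending on which predicate the user installs, and `all_of` lets a user demand, say, an out-of-band fingerprint match on top of a web-of-trust certification. The self-certified "mallory" key is accepted by no policy unless the user explicitly lists "mallory" as an introducer, which is the point of the models being the user's choice.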

The Cryptography Mailing List