Daniel Kahn Gillmor via Gnupg-devel <gnupg-devel@gnupg.org> writes: > - I generally expect WoT calculations to be cumulative or additive in > some sense.
I think that may be a fundamental problem. I don't know PGP WoT but here is a thought experiment: If someone identify themselves using a governmental ID that I can verify, I tend to assign some trust to that. If they next identify themselves using ANOTHER governmental ID that claim something else, I would still tend to assign this identification some trust, but less than in the first situation. That's because I now have proof that some step in my identification is ambigious. So I don't think identity trust calculations must generally always be additive when given more information. Before someone suggests that I shouldn't assign trust to this situation, recall that this situation happens in the real world. People show me a passport and I'm happy to sign the fingerprint. Then they show me a driver's id that has another last name or similar and go "oh never mind the different name, I got married". I'm still happy to sign the fingerprint, but I'm not as confident about what the identity really is. /Simon
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-devel mailing list Gnupg-devel@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-devel
