In message <[EMAIL PROTECTED]> on Wed, 19 Jan 2005 11:47:25 +0000, Shaun Lipscombe <[EMAIL PROTECTED]> said:

shaun.lipscombe> At least with SSL you have a single entity at the top,
shaun.lipscombe> in OpenPGP etc you have a "web of trust" and "key
shaun.lipscombe> signing parties" and lots of other stuff which really
shaun.lipscombe> makes key validity a touch n go subject and people
shaun.lipscombe> being who they say they are gets a bit of an iffy
shaun.lipscombe> subject.

OK, time to call bullshit when I see it :-)

OpenPGP has a different trust model than X.509/PKIX, it's entirely true. Making that something inherently bad is what I call BS.

The trust model for OpenPGP is direct, personal validation of identity. I won't sign another person's PGP key unless I either know this person personally, or can validate his/her identity through some kind of identity paper, for example a passport together with a business card where his/her email address is clearly shown together with the same name as on the passport. The validation chain is a chain of such checkups, basically, coupled with trust settings (they can be viewed as policy settings are viewed in the X.509/PKIX world).

The trust model for X.509/PKIX is to trust a higher authority, but can also be set up as a personal web of trust if you set up your own CA and use policy extensions properly.

shaun.lipscombe> Just search any keyserver for "Superman" and I'm sure
shaun.lipscombe> you'll find someone that claims to be Superman for
shaun.lipscombe> example.

Claims it in what way? You mean as part of the real name or as part of the email address? Either way, what stops anyone claiming the same in the X.509/PKIX world?

That's not the point either way, the point is if you trust the claim, or if you trust someone who would trust that claim. That kind of trust can be handled, both in the OpenPGP world and the X.509/PKIX one.

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

--
Richard Levitte [EMAIL PROTECTED]
http://richard.levitte.org/

"When I became a man I put away childish things, including
the fear of childishness and the desire to be very grown up."
-- C.S. Lewis
______________________________________________________________________
OpenSSL Project                    http://www.openssl.org
User Support Mailing List          openssl-users@openssl.org
Automated List Manager             [EMAIL PROTECTED]