On Tue, Oct 22, 2013 at 10:19 AM, Stephen Kent <[email protected]> wrote:

>> The reasons you list are the ones behind why I included the
>> 'Confidence' parameter in the Signed vCard spec. In fact, that
>> parameter is the key to the whole approach.
>
> A similar proposal, adding qualitative metrics to the basic web of trust
> model, was the focus of a PhD thesis about 20 years ago, in France. It was
> not a great idea; trust is not transitive and adding numbers to the mix
> doesn't change that, although it can lead to considerable confusion for
> users.

(I know that this isn't the idea you were trying to convey, but I find
the very fact that the idea I came up with was able to /be/ the topic
for a thesis very cheering. :) )

I am extremely aware that Bayesian numbers are extremely non-intuitive
for many people. Simply by rephrasing a basic Bayesian-style word
problem in different ways, from 15% to 46% of doctors get the right
answer [1]. This is why I spent so many paragraphs describing decibans
and their use in the draft, including a table. It's also why, once the
basics of the system are worked out, I'm hoping to offer the option of
hiding all the fiddly bits in the background for the end-user, as in
present-day https.

The key item I am gathering from your response is 'trust is not
transitive'. If that's the case, then wouldn't that also apply to
chains of 'official' CAs, as well? If all that is so, then is it
possible that ad-hoc / mesh-network / web-of-trust /
(insert-buzzword-here) CAs would fare no worse by that metric than the
current hierarchical CA system?


[1] http://yudkowsky.net/rational/bayes/


Thank you for your time,
--
DataPacRat
"Then again, I could be wrong."