[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPsec near term work




Stephen D Crocker says:
> > I realize that these aren't *all* the implications -- I'm sure that
> > even Phil Zimmermann doesn't understand *all* the implications -- but
> > I hope I've shed some light it a little.
> 
> One of the criticisms of the web of trust model in PGP is that it's
> hard to characterize precisely what the properties are.  Theorems,
> anyone?

Lets recall, of course, that the PEM model is a strict subset of the
Web model. I could just build a strict heirarchy if I wanted. Unlike
with PEM, however, with a Web, I can designate a sit or corporate
signing authority or choose not to as my tastes go. I can designate a
small set of other company's who's signing authorities I trust and set
up a frustum of trust rather than a pyramid of trust, or I can set up
a web with my friends, or I can do anything else I like.

I agree that formally characterizing the properties of the model is
hard. Of course, formally characterizing the failure modes of SMTP
email is also hard, and yet people manage to trust that SMTP will
deliver their mail most of the time just fine.

It would be NICE to come up with formal characterizations, of course,
but we would first need to very clearly understand what it was that we
wanted to figure out about the security of the system.

> I'm not suggesting that lack of formal rigor invalidates it
> completely, but it's not unreasonable to worry about such things as we
> scale up our use of certificates.

Agreed.

On another note, I'd like to point out that "Web" does not mean
"everyone signs keys", it merely means "one may establish more than
one root in the heirarchy of entities one chooses to trust". It will
scale just fine if large organizations centralize WITHIN THEIR
ORGANIZATION. This reminds me of the way that DNS forces local
administrators to centralize their name management within their
domain, but only some peripheral aspects of the namespace and some
"starter" data get managed by DNS itself. Unlike DNS, however, the Web
model allows you to operate entirely without a single root. Two
companies or sites could choose to mutually trust signing authorities
without having to involve anyone else in the decision. Overall, its
really nice.



Perry


Follow-Ups: References: