
PGP web of trust



-----BEGIN PGP SIGNED MESSAGE-----

At 09:38 AM 12/3/97 -0200, Ed Gerck wrote:
>Subject: Re: I-D ACTION:draft-ietf-spki-cert-theory-00.txt
>PGP does not prohibit pseudonyms to be used, which amounts to a binding
>only between name (here, an e-mail) and a key. Further, PGP does not
>depend on such binding for security, but on the web-of-trust, which is a
>binding of quite a different sort (between a person and respective
>acquaintances).

PGP's web of trust is frequently misunderstood.  I wish the PGP folks (some 
of whom are on this list) would correct that.

- From my POV, everybody's trust model radiates out from the verifier.  As I 
say frequently, there are only certificate loops -- with authority passing 
from the verifier through certificates back to the verifier.  In traditional 
X.509, SDSI and raw SPKI, these certificates pass full authority and one 
needs only one loop.  In PGP, the authority is fuzzy, with partial authority 
passing, depending on the length of the certificate path as well as the 
width.  The closest SPKI comes to that is with threshold subjects, which 
allow width of paths but make no allowance for length.


 - Carl

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3

iQCVAwUBNIuWeBN3Wx8QwqUtAQGUwwP/RCA9UMX0U/9R+7pnZ/LXG9h7VF23BPrB
9iEiUSqEsdtL+v3r06EBzT0W5eqnfawmi2Zs0JeFXFLesEZN1+3sE0WWb7AkP60W
bqT1YEBbILXar3FKEZx06VI5zKqwskv5fJiI7Km53bQB6gKGEF/dgdK0h6PkxpvF
g1aVCiWGers=
=VfGb
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+
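
An added illustration, not part of the original message or of any PGP or SPKI code: a simplified Python model of the contrast drawn above, where PGP-style validity depends on both the width (how many partially trusted introducers signed a key) and the length (depth limit) of certificate paths from the verifier, while an SPKI-style k-of-n threshold subject checks width only. The key names, trust assignments, function names and parameter defaults are all constructed assumptions.

```python
from fractions import Fraction

def pgp_valid_keys(verifier, sigs, owner_trust,
                   marginals_needed=2, completes_needed=1, max_depth=2):
    """Return {key: depth} for keys the verifier accepts (simplified model).

    sigs: {signer: set of keys it certified}
    owner_trust: {key: "full" | "marginal"}, assigned by the verifier.
    """
    weight = {"full": Fraction(1, completes_needed),
              "marginal": Fraction(1, marginals_needed)}
    valid = {verifier: 0}                 # every path starts at the verifier
    for depth in range(1, max_depth + 1):  # length limit on paths
        score = {}
        for signer in valid:
            # The verifier's own signature carries full authority; any other
            # introducer passes only the partial authority assigned to it.
            w = Fraction(1) if signer == verifier else weight.get(owner_trust.get(signer))
            if w is None:
                continue                  # valid key, but not trusted to introduce
            for key in sigs.get(signer, ()):
                if key not in valid:
                    score[key] = score.get(key, 0) + w   # width accumulates
        newly = {k: depth for k, s in score.items() if s >= 1}
        if not newly:
            break
        valid.update(newly)
    return valid

def spki_threshold_ok(k, subjects, signers):
    """k-of-n threshold subject: width only, no notion of path length."""
    return len(set(subjects) & set(signers)) >= k

# Constructed sample web: "me" is the verifier.
SIGS = {"me": {"alice", "bob"}, "alice": {"carol", "erin"},
        "bob": {"carol"}, "carol": {"dave"}}
TRUST = {"alice": "marginal", "bob": "marginal", "carol": "full"}

if __name__ == "__main__":
    print(pgp_valid_keys("me", SIGS, TRUST, max_depth=2))
    print(pgp_valid_keys("me", SIGS, TRUST, max_depth=3))
    print(spki_threshold_ok(2, ["alice", "bob", "frank"], ["alice", "bob"]))
```

In this sample, carol is accepted only because two marginal introducers both signed her key, erin is rejected with a single marginal signature, and dave is accepted only when the depth limit is raised to 3.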
