[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PGP web of trust
On Mon, 8 Dec 1997, Carl Ellison wrote:
-> - From my POV, everybody's trust model radiates out from the verifier.
Does a tree cease to exist when you are not looking at it?
The trust model is defined by the particular standard at hand and
interpreted by the issuer -- both of which do not depend on any verifier
-- in order to produce a certificate using data from the subject and from
the issuer itself.
What depends on each verifier is the interpretation and extent to which
the trust model is used to gauge the certificate -- however, again, always
within bounds predefined by the particular standard used and by the
-> As I say frequently, there are only certificate loops -- with authority
-> passing from the verifier through certificates back to the verifier.
Does the prisoner pass authority to the prison guard, so that the prison
guard is allowed to keep the prisoner handcuffed? Certificates do not
pass authority from the verifier to the issuer. They convey information
with an unidirectional flow to the verifier. Yes, the verifier may gauge
and select the information content but he may not choose the gauge,
neither may he change the information nor may he denote it.
-> In traditional X.509, SDSI and raw SPKI, these certificates pass full
-> authority and one needs only one loop.
Again, certificates convey information in an unidirectional way and there
is no loop.
-> In PGP, the authority is fuzzy,
-> with partial authority passing, depending on the length of the
-> certificate path as well as the width.
If I can hint at what would be the intended meaning of this phrase, this
is a common misconception regarding PGP. The PGP certificate path is
always of length 1 because trust is modelled as not transitive in PGP. So,
it makes no sense to speak of "length of certification path" in PGP, which
is trivially one.
The width of a PGP path may be larger than 1, which may increase the total
trust on the information conveyed.
Dr.rer.nat. E. Gerck email@example.com