Full Disclosure mailing list archives

Re: Re: A new look at PGP (WAS: Re: OpenPGP (GnuPG) vs. S/MIME)

From: "Roy M. Silvernail" <roy () rant-central com>
Date: Sat, 28 Feb 2004 11:32:31 -0500

On Sat, 2004-02-28 at 01:21, gadgeteer () elegantinnovations org wrote:

On Fri, Feb 27, 2004 at 11:13:38PM -0600, Troy Solo (solo () dok org) wrote:

In my opinion, it would be too easy to create false "Webs of Trust"
through something like Orkut.  I personally have people on my friends
list that I've never actually met in person.


Those that know or learn this trait about you will then give you a very 
low value of trust for the computation of their web-of-trust matrix. This 
was a major consideration in designing the way web-of-trust works.


At the risk of channeling Detweiler, both of you misunderstand the
concept of nymity, though for diferent reasons.  PGP's web of trust does
not imply is-a-person credentials, nor should it.  We're talking about a
communications medium that doesn't require such credentials.  A medium
that is, by nature (if not by design) anonymous.  The only concept of
identity present is some ASCII test appearing before the first blank
line of a message.

Chances are that I'm not replying to a person with the given name of
"Gadgeteer".  That has nothing to do with whether I trust your
communications, or to what level.  Some years ago, a nym called Pr0duct
Cypher produced Magic Money, one of the first e-cash schemes.  The code
was solid, well written and never associated with the meatspace identity
of its author.  Nonetheless, the Pr0duct Cypher nym gained reputation
capital because of its acts and words.

There are nyms on this very list whose output is granted creedence (or
"trust", if you will) without a meatspace association.  There are those
that are ignored, as well, and all without PGP signatures, X.509
certificates or faxed copies of identity papers. Extending trust to such
a nym is not a bad act.  The web of trust never required a meatspace
association for exactly this reason.  A WOT connection says only "I
trust that this nym is who it says it is".  Your reasons and
requirements for extending trust are your own.  The web of trust
facilitates the communication of the relationship; it does not define
the relatonship itself.

As has already been pointed out in this thread (and others before it) 
all current implementations have too great a friction for widespread 
acceptance, use, or understanding.  End of story.


Beginning of opportunity.
-- 
Roy M. Silvernail is roy () rant-central com, and you're not
Never Forget:  It's Only 1's and 0's!
SpamAssassin->procmail->/dev/null->bliss
http://www.rant-central.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

OpenPGP (GnuPG) vs. S/MIME Ben Nelson (Feb 27)
- Re: OpenPGP (GnuPG) vs. S/MIME Tim (Feb 27)
  - Re: OpenPGP (GnuPG) vs. S/MIME Kurt Seifried (Feb 27)
    - A new look at PGP (WAS: Re: OpenPGP (GnuPG) vs. S/MIME) Harry Hoffman (Feb 27)
    - Re: A new look at PGP (WAS: Re: OpenPGP (GnuPG) vs. S/MIME) Troy Solo (Feb 27)
    - Re: A new look at PGP (WAS: Re: OpenPGP (GnuPG) vs. S/MIME) gadgeteer (Feb 27)
    - Re: Re: A new look at PGP (WAS: Re: OpenPGP (GnuPG) vs. S/MIME) Roy M. Silvernail (Feb 28)
    - Re: Re: A new look at PGP (WAS: Re: OpenPGP (GnuPG) vs. S/MIME) gadgeteer (Feb 28)
    - Re: A new look at PGP (WAS: Re: OpenPGP (GnuPG) vs. S/MIME) Byron Copeland (Feb 27)
    - Re: A new look at PGP (WAS: Re: OpenPGP (GnuPG) vs. S/MIME) Harry Hoffman (Feb 28)
- Re: OpenPGP (GnuPG) vs. S/MIME Simon Richter (Feb 27)
  - Re: OpenPGP (GnuPG) vs. S/MIME petard (Feb 28)
- RE: OpenPGP (GnuPG) vs. S/MIME Aditya, ALD [Aditya Lalit Deshmukh] (Feb 28)
- Re: OpenPGP (GnuPG) vs. S/MIME gabriel rosenkoetter (Feb 28)
  - Re: OpenPGP (GnuPG) vs. S/MIME martin f krafft (Feb 28)
- <Possible follow-ups>
- Re: OpenPGP (GnuPG) vs. S/MIME Chris Adams (Feb 27)
  - Re: Re: OpenPGP (GnuPG) vs. S/MIME petard (Feb 28)