'Re: [Full-Disclosure] Re: A new look at PGP (WAS: Re: OpenPGP'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-Disclosure] Re: A new look at PGP (WAS: Re: OpenPGP
From:       "Roy M. Silvernail" <roy () rant-central ! com>
Date:       2004-02-28 16:32:31
Message-ID: 1077985950.1308.20.camel () localhost
[Download RAW message or body]

On Sat, 2004-02-28 at 01:21, gadgeteer@elegantinnovations.org wrote:
> On Fri, Feb 27, 2004 at 11:13:38PM -0600, Troy Solo (solo@dok.org) wrote:
> > In my opinion, it would be too easy to create false "Webs of Trust"
> > through something like Orkut.  I personally have people on my friends
> > list that I've never actually met in person.
> 
> Those that know or learn this trait about you will then give you a very 
> low value of trust for the computation of their web-of-trust matrix. This 
> was a major consideration in designing the way web-of-trust works.

At the risk of channeling Detweiler, both of you misunderstand the
concept of nymity, though for diferent reasons.  PGP's web of trust does
not imply is-a-person credentials, nor should it.  We're talking about a
communications medium that doesn't require such credentials.  A medium
that is, by nature (if not by design) anonymous.  The only concept of
identity present is some ASCII test appearing before the first blank
line of a message.

Chances are that I'm not replying to a person with the given name of
"Gadgeteer".  That has nothing to do with whether I trust your
communications, or to what level.  Some years ago, a nym called Pr0duct
Cypher produced Magic Money, one of the first e-cash schemes.  The code
was solid, well written and never associated with the meatspace identity
of its author.  Nonetheless, the Pr0duct Cypher nym gained reputation
capital because of its acts and words.

There are nyms on this very list whose output is granted creedence (or
"trust", if you will) without a meatspace association.  There are those
that are ignored, as well, and all without PGP signatures, X.509
certificates or faxed copies of identity papers. Extending trust to such
a nym is not a bad act.  The web of trust never required a meatspace
association for exactly this reason.  A WOT connection says only "I
trust that this nym is who it says it is".  Your reasons and
requirements for extending trust are your own.  The web of trust
facilitates the communication of the relationship; it does not define
the relatonship itself.

> As has already been pointed out in this thread (and others before it) 
> all current implementations have too great a friction for widespread 
> acceptance, use, or understanding.  End of story.

Beginning of opportunity.
-- 
Roy M. Silvernail is roy@rant-central.com, and you're not
Never Forget:  It's Only 1's and 0's!
SpamAssassin->procmail->/dev/null->bliss
http://www.rant-central.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic