ietf-openpgp
[Top] [All Lists]

The web of trust has no clothes.

1997-11-24 18:26:14
Another flaw in the web of trust and PGP is now revealed and comes home
to roost.  Now that PGP Inc. has deep-sixed RSA in new free versions,
not only does everyone with an old RSA key have to generate a new key
but also a complete new set of signatures and web of trust must be built
if they wish to use the "better" algorithms. And the new keys must be
distributed to correspondents, either directly or by "pull" from
servers. This took years the first time--perhaps the second time it will
be a bit faster.

In contrast, with S/MIME-Verisign-Netscape/Microsoft if they were to
change the algorithm you just generate a new key and get one certificate
and you're done. And as you e-mail your correspondents using your new
certificate, they get a copy of your new key automatically.

And some say PGP's trust model is "better". Can you say "needs work",
boys and girls?

David


<Prev in Thread] Current Thread [Next in Thread>