Re: Trust Packets

2004-01-30 09:55:47

pgut001(_at_)cs(_dot_)auckland(_dot_)ac(_dot_)nz (Peter Gutmann) writes:

> Since we're getting a bit philosophical here, I don't know if what X.509
> enforces is really "trust".  PGP's web of trust is a reasonably accurate use
> of the term "trust", but with X.509 you need to read "trust" as "dependency"
> (in the sense of "is forced to depend upon").  For example if I make a CC
> purchase from foo.com, I don't trust them because of their Verisign cert, but
> I have no choice but to depend upon them because if I don't I can't make my
> purchase.  So PGP's mechanisms propagate trust, X.509's propagate dependency.

You of course do have a choice - whether or not to make the purchase.
I have declined to buy things because I don't trust people, and I'd
hope everyone else is in the same boat.

With pgp, you choose whether to believe a message or use a key for
encryption.  If you "have to" send the message, you "don't have a
choice".

The ultimate trust model is really no different; it's the kinds of
decisions that you can make easily that get encoded into software that
differ (and this is important).

With foo.com, you choose

1) whether foo.com is actually reputable and you are willing to deal
   with them (same in PGP and x509 case)

and

2) whether you believe that the key you have for foo.com really
   belongs to foo.com (by choosing to believe that verisign is
   adequately careful in issuing certs and protecting the CA key), or
   via some essentially equivalent operation with a PGP signature.

The real difference is that x509 has a bunch of rules about which
signatures won't be believed (due to name subordination) and the
cultural (not spec) notion that 'root CAs' are inherently trustworthy,
together with the notion and practice that a specific list is included
by default.  I agree that in practice this cultural difference is
large.

I think it would be a mistake for the openpgp spec to move in the
direction of suggesting that some keys be preconfigured as trusted
(where trusted specifically means that name/key bindings signed by
those keys are believed).  But I don't think anyone is suggesting
that.


-- 
        Greg Troxel <gdt(_at_)ir(_dot_)bbn(_dot_)com>