At 10:51 AM -0800 3/5/04, Hal Finney wrote:
I just noticed that a paper was published at the RSA conference with
concepts that might be relevant to the PGP web of trust.
http://discovery.csc.ncsu.edu/~pning/pubs/robust-keyrings.pdf
...
The new paper does not use a probabilistic model, but rather assumes
that users are either malicious or reliable. It attempts to distinguish
the two by detecting conflicts, where the same identity is bound to
two different keys. It takes such a conflict as evidence of malicious
behavior and uses graph theory to try to figure out which keys are the
malicious ones. These can then be eliminated from the WoT and then the
resulting signatures are taken to be correct.
Wouldn't this be a common situation if someone replaces a key for hygiene
reasons, but does not revoke the previous key (on the basis that the old
key hasn't been proven bad, and some people may not have the new one)?
Cheers - Bill
-------------------------------------------------------------------------
Bill Frantz | "There's nothing so clear as a | Periwinkle
(408)356-8506 | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet." -- Dean Tribble | Los Gatos, CA 95032