[Top] [All Lists]

Re: RSA conf paper on PGP web of trust

2004-03-09 05:23:34

Bill Frantz wrote:

At 10:51 AM -0800 3/5/04, Hal Finney wrote:

I just noticed that a paper was published at the RSA conference with
concepts that might be relevant to the PGP web of trust.


The new paper does not use a probabilistic model, but rather assumes
that users are either malicious or reliable.  It attempts to distinguish
the two by detecting conflicts, where the same identity is bound to
two different keys.  It takes such a conflict as evidence of malicious
behavior and uses graph theory to try to figure out which keys are the
malicious ones.  These can then be eliminated from the WoT and then the
resulting signatures are taken to be correct.

Wouldn't this be a common situation if someone replaces a key for hygiene
reasons, but does not revoke the previous key (on the basis that the old
key hasn't been proven bad, and some people may not have the new one)?

Or, like me, where I have an RSA key and a DSA key...


"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff