"Dave" == Dave Crocker <dhc(_at_)dcrocker(_dot_)net> writes:
I have no idea how we got from security for ietf.org services to this.
I hope we're not going to pilot Phil's e-mail trust model in the IETF,
even though I think his work has significant value.
Dave> The interesting premise in the suggestion is that a web of
Dave> trust key management model is useful at Internet scale.
Dave> I don't understand why anyone believes that.
I'm not sure that's actually an implied premise.
I guess bulk mailers do need to communicate with people at Internet
scale.
The rest of us, not so much, though.
Yes, I can communicate with anyone on the Internet.
However, the set of people that I communicate with is smaller than
that. The set of people for whom I need trusted communication is even
smaller.
From my experience in the open-source and product-security communities
(some of the larger web-of-trust users), web of trust tends to work well
when people are communicating with a small enough set of people that
they can make individual authorization decisions, but where that set is
drawn from a large enough infrastructure that shared key management is
valuable.
We're seeing something similar as we're putting together the Moonshot
deployment of ABFAB federation. There's value in some environments in
having a large trust infrastructure from which I actually trust only
some principals.
I think that the same is likely true for some uses of secure e-mail.