ietf

Re: PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey

2015-09-22 22:45:38
Paul Wouters wrote:

Actually, most people I know never use the WoT. They only use keys
obtained directly from the person they want to exchange encrypted email
with.

this is not my experience

it will be a long time before i trust a dane/dnssec identity binding
over pgp's.

At Mon, 21 Sep 2015 16:24:10 -0700, Bill Manning wrote:

I think Paul nails it, at least for the more aware folks around.
Using the WoT to gauge anything other than confidence in choice of
friends/associates is asking for trouble.

i think bill nails it.  trust in identity is what it is about for me.
i am communicating with a person, not a dns or smtp server; the latter
are agents, and ones which have failed repeatedly over the decades.

using one hierarchy to reinforce the weaknesses of another may increase
reliability (or fragility), which is good.  it does not increase trust
in identity.

At Mon, 21 Sep 2015 18:58:43 -0500, Scott Kitterman wrote:

Personally, I've known people for years on line, but would never sign
someone's key without meeting them in person.

bingo!  and seeing a high level out of band assertion of identity such as
a passport.

At Tue, 22 Sep 2015 08:59:25 +0200, Harald Tveit Alvestrand wrote:

it's been obvious to me since the 90s that the hierarchical models of
trust (CAs, corp signing authorities) are simply restricted webs of
trust. So the WoT model is a more general one than the hierarchical one:
you can represent hierarchy as a WoT (the user trusts the root keys,
trust flows from there), but not vice versa.

bingo!

I've been saddened by the crippled state of WoT-manipulating user
interfaces since roughly forever.

but x.509 and dns end user tools are sooo much better :)

I believe the Web of Trust has a great potential as a basis on which to
represent many different trust policies. But the current state of tools
to interrogate and update a trustdb according to those policies is
simply not fit for the task.

the state of tools for the entire trust and identity ecosystem sucks.
and we are spending our time mucking below the waterline.  to a dns/dane
hammer, everything looks like a nail.  a solution looking for a problem.

At Tue, 22 Sep 2015 13:55:22 -0400, Phillip Hallam-Baker wrote:

A few months back I realized that I had the criteria wrong. It is even
tougher than 'do no harm'. To get people using strong crypto you have
to do better than not making things any worse. You have to make life
easier for the user.

'cept we're not doing that.  while i am still digging through your
latest, at least you're talking about some parts of the elephant that
i perceive.

At Tue, 22 Sep 2015 11:11:11 -0400 (EDT), Paul Wouters wrote:

With DNS, you can remove the key from DNS without needing the private
key or passphrase to it.

is this a feature or a bug?  good discussion in acme about having the
credentials to add/change/delete.  in current pgp, if you think you
may ever want to revoke, gen a revocation credential.

in all these worlds, you need credentials to change or negate; to do
otherwise is a big vulnerability.

randy
