Re: [Peter Williams: Perhaps OSI security is not possible in a liberal c

I believe that hierarchical certification is not the only useful
model.  In fact I suspect it to be downright harmful in many cases
(laying authoritarian infrastructure onto things that don't need to be
authoritarian).  I believe that the most strict reason for using
hierarchy in PEM is to guarantee that RSA Data Security is getting
a royalty per key in use (in the U.S.).

Phil Zimmerman's `PGP 2.0' (Pretty Good Privacy) package implements a
`transitive trust' scheme for certification.  Anyone can certify
anyone else, and they provide a degree of certainty along with the
cert.  Each user can set their level of trust in each public key that
they currently have.  Users can also set acceptable levels of trust
for certificates to be accepted.  E.g. if I'm Alice and I got Bob's
key from him personally, I give Bob's key a high degree of certainty.
If Bob is a reliable guy and he certifies Cindy's key with high
certainty, then I will probably believe him.  I may not believe
someone else's key certified by Cindy though, since the chain of trust
is getting a big too thin for me.

This model can support hierarchical systems, and many others.  In
particular, it supports mutual certification of individuals involved
in an 'interest group', where many people in the group personally know
many other people.  When they meet at conferences, they can exchange
keys on floppies (or can certify their keys to each other by phone at
any time, recognizing each others' voices).  Any new person involved
in the group will become generally recognized by all, after becoming
personally known by a few of the existing group members.  Since this
models a particular way that society works, it's likely that users
will desire software certification to work this way (in addition to
other ways, such as hierarchy).

PGP is available on various archive sites and on the FidoNet; use
"archie" or see alt.security.pgp for details.  It runs on MSDOS and
various Unix machines; full source code is provided.  I think it is
useful for gaining experience with some of these trust models that
governmental or official standards bodies are unwilling or unable to
consider.

        John Gilmore

<Prev in Thread]	Current Thread	[Next in Thread>
[Peter Williams: Perhaps OSI security is not possible in a liberal community!], David M. Balenson Re: [Peter Williams: Perhaps OSI security is not possible in a liberal community!], gnu <= Re: [Peter Williams: Perhaps OSI security is not possible in a liberal community!], Peter Williams Re: [Peter Williams: Perhaps OSI security is not possible in a liberal community!], Stephen D Crocker Re: [Peter Williams: Perhaps OSI security is not possible in a liberal community!], Steve Kent Re: [Peter Williams: Perhaps OSI security is not possible in a liberal community!], Carl Ellison Re: [Peter Williams: Perhaps OSI security is not possible in a liberal community!], Steve Kent

Previous by Date:	[Peter Williams: Perhaps OSI security is not possible in a liberal community!], David M. Balenson
Next by Date:	Re: [Peter Williams: Perhaps OSI security is not possible in a liberal community!], Carl Ellison
Previous by Thread:	[Peter Williams: Perhaps OSI security is not possible in a liberal community!], David M. Balenson
Next by Thread:	Re: [Peter Williams: Perhaps OSI security is not possible in a liberal community!], Peter Williams
Indexes:	[Date] [Thread] [Top] [All Lists]

Re: [Peter Williams: Perhaps OSI security is not possible in a liberal community!]