pem-dev

Re: RIPEM details

1995-01-13 13:18:00
   From: Jueneman(_at_)gte(_dot_)com
   Date: Fri, 13 Jan 1995 13:35:40 EST

   PEM focusses on validating a user's _identity_. That's fine, and
   useful, but it doesn't address the use of trustworthiness in any
   sense. If a properly identified user lies or reneges on a promise,
   your only recourse is a legal one. (Or extra-legal -- I guess you
   could break his kneecaps, banish him from the kingdom (put him in
   your kill file), or make a pariah of him in cyberspace.)

   PGP, on the other hand, tries to approach the issue of
   trustworthiness, but it does so without respect to any enunciated
   criteria or policy, so far as I know.  What does it mean to say that
   someone is trusted? Will he pay you back the five bucks he borrowed?
   Will he keep a secret? Will he always tell the truth, even if it is
   embarrassing or expensive to him? How much money would have to be put
   on the table to overcome those scruples? 

No, you're confused.  PGP is only focused on validating a user's
_identity_, just like PEM.  The weightings which Derek talked about are
used to determine a "probability factor" (if you will) that a person's
public key really belongs to the person named in PGP's certificate.

I know a lot of people will probably wince when they see "probability"
in the same sentence as "identity" --- but that's a concept that is
valid, and exists.  The multiple PCA's are a way of addressing this ---
do you want low-assurance, medium-assurance, or high-assurance trust?
And even in the high-assurance model, the probability is still not zero;
there's always the possibility that the CA administrator is someone like
Comrade Ameski at the CIA.

PGP has a different way of trying to model this "probability factor"
than PEM does, with its "web of trust" --- this "web of trust" is only
concerned with the trustworthiness as it relates to asserting an
identity.  It has nothing to do with trustworthiness in the
business sense, and it wasn't designed to have such connotations.

The analogy to use is:

   PEM : {low,medium,high} assurance PCA model :: PGP : Web of trust model

The advantage of PGP's model is that it doesn't require hours and hours
of legal fees to set up all of the contracts for the various PCA and
CA's, with all of the indemnifications and disclaimers of liabilities.
It's a great way to keep lots of lawyers gainfully employed, but I have
to wonder if business people have ever wondered whether they have spent
more money on lawyers than the value that they actually gained.  

After all, just today I received over a thousand dollars' worth of
merchandise on the strength of nothing more than a fax'ed purchase order
--- and we didn't have to sign any complicated legal paperwork when we
purchased our fax machines!

                                                - Ted
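
The weighting described in the message above, sketched as an added example that is not part of the original message or of PGP's code: each signature on a key counts according to how much the verifier trusts the signer as an introducer, and the key is accepted as belonging to its named owner once the weights reach 1. The thresholds (one completely trusted introducer or two marginal ones), the function names and all user names are assumptions made for illustration.

```python
from fractions import Fraction

# Assumed thresholds: how many introducers of each kind must sign a key.
COMPLETES_NEEDED = 1
MARGINALS_NEEDED = 2

WEIGHT = {
    "complete": Fraction(1, COMPLETES_NEEDED),
    "marginal": Fraction(1, MARGINALS_NEEDED),
    "none": Fraction(0),
}

def key_validity(signers, introducer_trust, valid_keys):
    """Score in [0, 1] that a key belongs to its named owner.

    Only signatures made with keys that are themselves valid count, and
    each counts by the verifier's trust in that signer as an introducer.
    """
    score = sum((WEIGHT[introducer_trust.get(s, "none")]
                 for s in set(signers) if s in valid_keys), Fraction(0))
    return min(score, Fraction(1))

def evaluate(certs, introducer_trust, own_key):
    """Return the set of owners whose keys are accepted as valid.

    certs maps a key owner to the list of users who signed that key.
    Repeats until no further key becomes valid (a fixed point).
    """
    valid = {own_key}
    changed = True
    while changed:
        changed = False
        for owner, signers in certs.items():
            if owner not in valid and \
               key_validity(signers, introducer_trust, valid) >= 1:
                valid.add(owner)
                changed = True
    return valid

# Constructed sample keyring, seen from the user "me".
CERTS = {
    "alice": ["me"], "bob": ["me"], "carol": ["me"],
    "dave": ["bob"],            # one marginal introducer: score 1/2
    "erin": ["bob", "carol"],   # two marginal introducers: score 1
    "frank": ["alice"],         # one complete introducer: score 1
    "grace": ["erin"],          # erin's key is valid, but she is no introducer
}
TRUST = {"me": "complete", "alice": "complete",
         "bob": "marginal", "carol": "marginal"}

if __name__ == "__main__":
    print(sorted(evaluate(CERTS, TRUST, "me")))
```

The score only says how strongly the key is bound to the name on it; nothing in the calculation measures whether the owner pays debts or keeps promises.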
