pem-dev

Re: RIPEM details

1995-01-13 20:52:00
   From: Jueneman(_at_)gte(_dot_)com
   Date: Fri, 13 Jan 1995 17:16:10 EST

   However, I had the impression, based on some casual conversations,
   that IN PRACTICE, people were using the direct trust model for
   slightly more than just identity validation, and more along the lines
   of "friends and family" (I first typed "fiends and family" --
   another Freudian slip!) that Steve Kent has referred to. By
   extension, I assumed that the web of trust was being used as the
   loose equivalent of the old-fashioned letter of introduction of the
   19th century, in other words, to confirm someone's standing as a lady
   or gentleman and a member of polite society, as opposed to being a
   thief or scoundrel.

No, as far as I know, no one is using it in that way.  People have talked
about it being a "friends and family" model (I believe Steve Kent was
the one who coined that term) in the sense that you get your "friends
and family" to certify your identity, instead of having (say) the town
of Arlington, state of Massachusetts certify your identity.  Given that
the people you most generally talk to are friends or friends of friends,
the PGP model works out fairly well.

I'll sign anyone's key who can reasonably prove to me that they are who
they say they are.  And, in the PGP key signing parties that have been
organized at the IETF, Usenix, etc. that seems to be the way that
everyone else has done things.

One can posit a future application of PGP where a firm only uses a
certain PGP key to sign customers' keys with whom that firm has an
established line of credit --- and PGP would work perfectly well for
that application --- but that's not the general use of PGP, and that's a
case where the user has established their own semantic meaning of a
signature on a PGP key, which has meaning only to them.

   Am I still out in left field?  You've spoiled such a nice mental model!

Yes, I think your model is not at all accurate.  PGP key signatures are
in practice only being used to make an assertion of identity.  Whether
or not you trust various people's assertions of identity is what makes
up the "web of trust".  The trust issues are only for identification,
not for whether or not someone is a scoundrel or not.

                                                        - Ted
