From: Jueneman(_at_)gte(_dot_)com
Date: Fri, 13 Jan 1995 13:35:40 EST
PEM focusses on validating a users _identity_. That's fine, and
useful, but it doesn't address the use of trustworthiness in any
sense. If a properly identified user lies or reneges on a promise,
your only recourse is a legal one. (Or extra-legal -- I guess you
could break his kneecaps, banish him from the kingdom (put him in
your kill file), or make a pariah of him in cyberspace.)
PGP, on the other hand, tries to approach the issue of
trustworthiness, but it does so without respect to any enunciated
criteria or policy, so far as I know. What does it mean to say that
someone is trusted? Will he pay you back the five bucks he borrowed?
Will he keep a secret? Will he always tell the truth, even if it is
embarrassing or expensive to him? How much money would have to be put
on the table to overcome those scruples?
No, you're confused.
No, just uninformed. Confusion requires more knowledge. :-)
PGP is only focused on validating a users
_identity_, just like PEM. The weighting which Derek talked about are
used to determine a "probability factor" (if you will) that a person's
public key really belongs to the person named in PGP's certificate.
I know a lot of people will probably wince when they see "probability"
in the same sentence as "identity" --- but that's a concept that is
valid, and exists. The multiple PCA's are a way of addressing this ---
do you want low-assurance, medium-assurance, or high-assurance trust?
And even in the high-assurance model, the probility is still not zero;
there's always the possibility that the CA administrator is someone like
Comrade Ameski at the CIA.
PGP has a different way of trying to model this "probability factor"
than PEM does, with its "web of trust" --- this "web of trust" is only
concerned with the trustworthiness as it relates to asserting an
identity. It has nothing to do with do with trsutworthiness in the
business sense, and it wasn't designed to have such connotations.
The analogy to use is:
PEM : {low,medium,high} assurance PCA model :: PGP : Web of trust model
Ted, I'll take your word for it with respect to the stated intent, and even the
current practice.
However, I had the impression, based on some casual conversations, that IN
PRACTICE, people were using the direct trust model for slightly more than just
identity validation, and more along the lines of "friends and family" ( I first
typed "fiends and family" -- another Freudian slip!) that Steve Kent has
referred to. By extension, I assumed that the web of trust was being used as
the loose equivalent of the old-fashioned letter of introduction of the 19th
century, in other words, to confirm someone's standing as a lady or gentlemen
and a member of polite society, as oppsed to being a thief or scoundrel.
That's nat at all the same thing as a Letter of Credit, which you might obtain
from your bank and use to open an account or obtain credit at another bank.
that refers to credit-worthiness, as opposed to trust-worthiness. I know some
very decent people that I might trust with my life, but not necessarily with my
wallet! Credit-worthiness requires more than trust-worthiness. It also requires
a certain ratio of assets to liabilities, and a sufficient amount of business
acumen as to not spend recklessly and to balance the checkbook occasionally. I
assume that the good citizens of Orange County, CA are trustworthy, but Moody's
says that they are as creditworth as before, because of investing in all those
derivatives.
Am I still out in left field? You've spoiled such a nice mental model!
Bob
--------------------------------
Robert R. Jueneman
GTE Laboratories
40 Sylvan Road
Waltham, MA 02254
FAX: 1-617-466-2603
Voice: 1-617-466-2820