From: roy at rant-central.com (Roy M. Silvernail)
Subject: Re: A new look at PGP (WAS: Re: OpenPGP (GnuPG) vs. S/MIME)

On Sat, 2004-02-28 at 01:21, gadgeteer@...gantinnovations.org wrote:
> On Fri, Feb 27, 2004 at 11:13:38PM -0600, Troy Solo (solo@....org) wrote:
> > In my opinion, it would be too easy to create false "Webs of Trust"
> > through something like Orkut.  I personally have people on my friends
> > list that I've never actually met in person.
> 
> Those that know or learn this trait about you will then give you a very 
> low value of trust for the computation of their web-of-trust matrix. This 
> was a major consideration in designing the way web-of-trust works.

At the risk of channeling Detweiler, both of you misunderstand the
concept of nymity, though for different reasons.  PGP's web of trust does
not imply is-a-person credentials, nor should it.  We're talking about a
communications medium that doesn't require such credentials.  A medium
that is, by nature (if not by design) anonymous.  The only concept of
identity present is some ASCII text appearing before the first blank
line of a message.

Chances are that I'm not replying to a person with the given name of
"Gadgeteer".  That has nothing to do with whether I trust your
communications, or to what level.  Some years ago, a nym called Pr0duct
Cypher produced Magic Money, one of the first e-cash schemes.  The code
was solid, well written and never associated with the meatspace identity
of its author.  Nonetheless, the Pr0duct Cypher nym gained reputation
capital because of its acts and words.

There are nyms on this very list whose output is granted credence (or
"trust", if you will) without a meatspace association.  There are those
that are ignored, as well, and all without PGP signatures, X.509
certificates or faxed copies of identity papers. Extending trust to such
a nym is not a bad act.  The web of trust never required a meatspace
association for exactly this reason.  A WOT connection says only "I
trust that this nym is who it says it is".  Your reasons and
requirements for extending trust are your own.  The web of trust
facilitates the communication of the relationship; it does not define
the relationship itself.

> As has already been pointed out in this thread (and others before it) 
> all current implementations have too great a friction for widespread 
> acceptance, use, or understanding.  End of story.

Beginning of opportunity.
-- 
Roy M. Silvernail is roy@...t-central.com, and you're not
Never Forget:  It's Only 1's and 0's!
SpamAssassin->procmail->/dev/null->bliss
http://www.rant-central.com

