Ed Gerck wrote:
> Even though the web-of-trust seems to be a pretty good part of PGP,
> IMO it is actually it's Achilles heel.
I agree with most comments but they seem to deal more with symptons. Let
me just clarify/justify the above and why I think this is IMO actually the root
cause of problems.
PGP is based on an “introducer-model” which depends on
the integrity of a chain of authenticators, the users
themselves. The users and their keys are referred from one
user to the other, as in a friendship circle, forming an
authentication ring, modeled as a list or “web-of-trust”.
The web-of-trust model has some problems, to wit:
1. At the end, you may not know very well the last person who
entered the ring ... but you hope that someone else in the ring
does!
2. You may have different rings with “contact points”
which guarantee the referrals. However, no user can know for
sure if everyone in his authentication ring has a valid entry.
3. Let's use the term “chain” to denote such connected rings, which
can also, of course, have multiple connections. The reader should
notice further that the maintenance of this chain -- changing,
adding or deleting data -- is done by the authenticators themselves
in a happenstance pattern.
4. There is no guarantee if and when the chain is up-to-date.
5. Everyone familiar with the classical problem (or need) of
file-locking in a multi-user environment will recognize that
there is no “file-locking” mechanism here.
6. PGPdoes not scale well in size (because of the aforementioned
asynchronous maintenance difficulties of the web of trust)
or time (because of the same maintenance problems reflected
in the certificate of revocation certificates, a CRL for PGP
certificates).
So, while PGP enforces a "hard" trust policy with “trust is
intransitive” to setup entries in the web of trust, it uses a
"soft" policy to upkeep entries, without discussing their
validity/gauge or allowing for time factors and lack of synch.
This is not a dismissive treatment of PGP! One of the benefits
of PGP is that it can interoperate with a CA fully-trusted by
all parties in a domain (such as an internal CA in a company)
that is willing to guarantee certificates as a trusted introducer.
Better tools would certainly be necessary for central administration
of PGP trust parameters in a corporate system, but the flexibility of
PGP makes it a good example of a quasi-decentralized system.
Because there is no entity responsible if (or when)
something goes wrong – not even the user – the use of PGP
in a commercial situation is difficult and may not
adequately protect the business interests involved.
But again, within a circle of close friends or clients this is not
important.
Cheers,
Ed Gerck
