On 22/03/16 17:11, Peter Lebbing wrote: > > That trust is not transitive is not some quirk of the web of trust: it > is fundamental. I might trust Carl, and Carl might trust Jenny, but if I > don't know Jenny, I would not trust her, despite the fact that I trust > someone who trusts her. Trust is personal and direct, not transitive.
All this is true. But this does not help *me* one iota. While the usual formulation of the web of trust (or any PKI for that matter) runs along the lines of "given that I trust this finite list of people, can I verify this particular signature?", the question most useful to a user is "given this particular signature, how much confidence should I invest in it?". They are not the same question. Real world example. I wanted to install the latest copy of Apache for windows. It is signed by one William A Rowe Jr. I do not know William A Rowe Jr, nor do I know any of the people who have signed his key, nor am I ever likely to meet them, let alone trust them enough to verify other keys on my behalf. I'd never even heard of William A Rowe Jr before I tried to download his software. And yet the PGP signature on that binary must be worth something other than zero. In my quest to verify the signature of William A Rowe Jr, I ended up downloading over a thousand keys. Even importing the entire Debian keyring and setting them all to marginal trust (I'm already trusting them to write my OS, so why not?) wasn't enough. I did manage it in the end by assigning full trust to a judicious selection of people that I recognised by name and reputation, and a few that I didn't. Sure, it probably wasn't worth the effort I spent on it. And of course, I then ended up with a terrifyingly liberal trustdb - but which was still not liberal enough to verify a significant fraction of posts to debian-security despite me marginally trusting their entire keyring. My point is, there are times when you want to be absolutely certain that a particular key belongs to someone you know and trust. And there are times when you are looking for whatever assurances you can get that some random dude on the internet isn't about to pwn your server. I'd contend that the second use case is far more common than the first. If you can't ascribe at least *some* level of trust to multiple PGP signatures in the WOT made by named individuals (even those not personally known to you), then you certainly shouldn't be relying on X509 certificates issued by a single one of hundreds of faceless CAs through some automated process. But every day you do that, because the alternative is not to use the internet at all. A
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
