A Probabilistic Trust Model for GnuPG (2006)

Robert J. Hansen rjh at sixdemonbag.org
Thu Dec 13 01:57:23 CET 2012


On 12/12/2012 7:29 AM, Nicholas Cole wrote:
> In fact, the OpenPGP standard DOES allow for fine-grained levels of
> trust, or could be easily extended to do so

My understanding is it's the latter.  Yes, it could be easily extended,
but that extension would break interoperability with every other
implementation that doesn't grok this.

Further, some implementations (*coughcough* PGP *cough*) are damn near
hostile to the idea of any kind of gradations: look at how many hoops
you have to jump through in order to give any kind of certification
other than "generic".

So, yeah.  The proposal breaks interop, and for that reason alone (IMO)
deserves to be put on the shelf.  As near as I can tell it solves a
problem that doesn't exist and does it in a way that breaks interop.
All it needs to do in addition is raise my taxes and it's the hat trick
of badness.




More information about the Gnupg-devel mailing list