GnuPG Web-of-Trust calculations based on trust-signatures don't add up (T7611)
Simon Josefsson
simon at josefsson.org
Tue May 6 23:04:40 CEST 2025
Daniel Kahn Gillmor via Gnupg-devel <gnupg-devel at gnupg.org> writes:
> - I generally expect WoT calculations to be cumulative or additive in
> some sense.
I think that may be a fundamental problem. I don't know PGP WoT but
here is a thought experiment:
If someone identifies themselves using a governmental ID that I can
verify, I tend to assign some trust to that.
If they next identify themselves using ANOTHER governmental ID that
claims something else, I would still tend to assign this identification
some trust, but less than in the first situation. That's because I now
have proof that some step in my identification is ambiguous.
So I don't think identity trust calculations must generally always be
additive when given more information.
Before someone suggests that I shouldn't assign trust to this situation,
recall that this situation happens in the real world. People show me a
passport and I'm happy to sign the fingerprint. Then they show me a
driver's id that has another last name or similar and go "oh never mind
the different name, I got married". I'm still happy to sign the
fingerprint, but I'm not as confident about what the identity really is.
/Simon
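The following is an added toy model (not GnuPG's trust computation, and not anything proposed in the thread) that makes the point of the thought experiment above concrete: each verified document adds evidence, but documents that disagree on the claimed identity lower the aggregate below what a single document gave, so the score is not additive in the number of verifications. The names `IdentityClaim` and `trust_score`, and the constructed scoring function, are assumptions made for this illustration.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class IdentityClaim:
    """One identity document the verifier has inspected (constructed type)."""
    document: str   # e.g. "passport", "driver's licence"
    name: str       # name as printed on that document


def trust_score(claims):
    """Toy, deliberately non-additive aggregation of identity evidence.

    Base evidence grows with the number of independently verified documents
    (diminishing returns: 1 doc -> 0.5, 2 docs -> 0.75, 3 docs -> 0.875).
    The base is then scaled by the fraction of documents that agree on the
    most common name, so conflicting documents count as ambiguity rather
    than as extra confirmation. This is a constructed model for illustration.
    """
    if not claims:
        return 0.0
    base = 1.0 - 0.5 ** len(claims)
    most_common_count = Counter(c.name for c in claims).most_common(1)[0][1]
    agreement = most_common_count / len(claims)   # 1.0 when all names agree
    return base * agreement


def is_additive(before, after):
    """True if adding evidence did not reduce the score (helper for the demo)."""
    return after >= before


if __name__ == "__main__":
    # Constructed sample input mirroring the thread's scenario.
    passport = IdentityClaim("passport", "A. Example")
    licence_same = IdentityClaim("driver's licence", "A. Example")
    licence_other = IdentityClaim("driver's licence", "A. Example-Married")

    one = trust_score([passport])
    two_agree = trust_score([passport, licence_same])
    two_conflict = trust_score([passport, licence_other])
    print(f"one document:            {one:.3f}")
    print(f"two documents, agreeing: {two_agree:.3f}")
    print(f"two documents, conflict: {two_conflict:.3f}")
    print("additive after conflicting ID?", is_additive(one, two_conflict))
```

Running the block shows the second, agreeing document raising the score and the conflicting one lowering it below the single-document value, which is the behaviour the email argues a WoT calculation may legitimately have.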