discussion on increasing amount of gpg signatures...

Ben Paul Wise bwise@sito.saic.com
Sat Oct 13 00:10:01 2001


Johan et al:

The "web of trust" is not meant to determine honesty, reliability, 
discretion, etc.   It is meant to be a web of certifications that the keys
are actually in use by those who appear to be using them. 

The difference: I may know with absolute certainty that the key belongs
to John Doe because of the web of trust. Therefore, I know with absolute
certainty that he'll blab my secret all over town as soon as he knows it - 
because he really is the John Doe whom I distrust.

On Friday 12 October 2001 12:42, Johan Wevers allegedly wrote:

> Douglas Elznic wrote:
> > It seems that the biggest problem with gpg is not technichal and but a
> > social problem. The problem seems to be the lack of signatures and size
> > of the web of trust.
>
> Hmmm. If I discuss things that really need to be kept secret I only do
> that with people I already know and whose keys I trust. And trusting
> people for discussing one subject does not automatically mean I trust
> them for discussing other subjects too. This means I just don't care for
> the "web of trust". Before I discuss some things with people, I just
> need to trust them personally, not "trust" them because other people do.
-- Ben Wise, PhD Mobile: 703-731-5144 SAIC GnuPG ID: 0xF491BD21 http://www.saic.com bwise@sito.saic.com