trust problem

Paul E Condon pecondon at peakpeak.com
Fri Dec 19 15:56:14 CET 2003 

On Fri, Dec 19, 2003 at 02:53:37PM +0100, Adrian 'Dagurashibanipal' von Bidder wrote:
Content-Description: signed data
> On Friday 19 December 2003 13:59, cecilia hana wrote:
> 
> > 2. the path of signed keys leading from K back to your
> > own key is five steps or shorter.
> >
> >
> >
> > peter------->blake------->elena------->chloe----
> >                          --->alex------->simon------->K
> >
> >
> > above figure shows that peter signed blake and blake
> > signed elena then on and on,
> > if peter just fully trusts simon, i think K's key is
> > valid, however K is beyond the range of five steps,
> > can anyone tell me why and i want more clearly
> > nderstanding
> > about the second condition, thanks.
> 
> First, the most important thing you need to understand: this limit of 5 steps 
> is completely arbitrary. Personally, I think 5 steps with 5 random people is 
> too much. On the otherhand, I'd be inclined to trust a much longer chain when 
> it consists of people like Werner Koch, David Shaw, or perhaps some 
> well-known Debian developers who - to me - have a very good reputation.
> 
> But to be sure that simon's key is really his, you (as peter) need to have 
> extremely high trust in blake, elena, chloe *and* alex - and, since you 
> haven't directly signed elena, chloe and alex' keys, it is very probable that 
> you don't even know them (if you knew them, you could give them a phone call 
> to identify them and exchange fingerprints over this trusted channel - so 
> your problem of the 5 steps limit wouldn't exist in the first place).
> 
> So while you may know and trust simon (whos key you just not have come around 
> to sign) to correctly verify the key of K, how can you be sure that you 
> really have simon's key?
> 

I'm a new user of gpg. I have a question that goes somewhat beyond what is
nicely explained above. (Thanks, Adrian.)

Has any consideration been given to assigning a numeric value to trust?
I imagine having a trust value between 0 (no trust) and 1 (absolute trust).
In a chain of signed keys, the trust of the keys along the chain would be
the product of the trust values of the keys to the left in the diagram. 
Of course, one doesn't have hard information about blake's trust of alex,
or alex's trust of simon, but casting the problem in terms of numeric
trust values would indicate a direction to work at improving the current
gpg system, if of course, there is a consensus that numeric trust values
make any sense at all. 

One thing that is clear from such a view is that all realistic trust
is of someone else is less than 1., so a chain of trust if extended
long enough must eventually result in a trust value at the end of the
chain that is less than some pre-selected value.

To make this useful, there might have to be some sort of public database
of the average level of trust of the community in the signings of keys
by individuals. I see nasty social problems with such a database, but
still, making trust be more numeric might have some advantages.

Has this been talked about before? What is crazy about this?

-- 
Paul E Condon           
pecondon at peakpeak.com

More information about the Gnupg-users mailing list