trust problem

Paul E Condon pecondon at
Sat Dec 20 19:34:24 CET 2003

On Sat, Dec 20, 2003 at 03:51:44PM +0100, Adrian 'Dagurashibanipal' von Bidder wrote:
> On Friday 19 December 2003 23:56, Paul E Condon wrote:
> > Has any consideration been given to assigning a numeric value to trust?
> > I imagine having a trust value between 0 (no trust) and 1 (absolute trust).
> > In a chain of signed keys, the trust of the keys along the chain would be
> > the product of the trust values of the keys to the left in the diagram.
> Google around, and search a paper by prof. Ueli Maurer (ETH Zürich - where I 
> study, incidentally) on this subject.
> It's not as easy as you think. Consider
>        P1 -----> P2 -------> P4
>         |       | ^         ^
>         \       v |         |
>          ------> P3 --------/
> So, with the cycle between P2 and P3, calculating the trust you should have 
> for P4 becomes non-trivial - because, clearly, the fact that P2 and P3 have 
> cross-signed their keys should matter - simply eliminating the cycle will 
> distort the metrics (and which link in the cycle will you remove?)

My model of numeric trust was just an example of something more rational than
the gpg innumerate model. It did not even include the handling of two alternative
paths from P1 to P4. The cross linking of these paths is an extra flourish of
complexity. I will look for the Prof.'s publications. Thanks.

> The other thing: even the simple trust model gpg uses currently is too 
> complicated for most people - try explaining it to somebody (in a 
> non-technical profession, perhaps) who just wants to use email and doesn't 
> care for security. This *does* matter because many people think that 
> everybody should be using encryption (after all, email *is* terribly 
> insecure).
> > To make this useful, there might have to be some sort of public database
> > of the average level of trust of the community in the signings of keys
> > by individuals. I see nasty social problems with such a database, but
> > still, making trust be more numeric might have some advantages.
> I think such a db would be completely bogus. Trust is a very personal thing.  
> Sure, reputation is closely linked to trust, but I wouldn't say that having a 
> high score in this db would tell anything about that person's reputation.

I think a well thought out trust model is better than a dumbed-down model.
At least, the dummy user should be made aware that a more complex model is
available (that is, of course, if the Prof. can convince smart people that
the more complex model is actually better, and not just more complex)

Yes, trust is a very personal thing. But, like the rational man who is so
important in economic theory, a rational trust manager who can distance 
himself from his animal spirits might be a useful concept in the theory of
trust management. 

I think a public database of trust values would present great social 
difficulties. Not only is trust very personal, but it is doubtful that
a person who harbors some feelings of distrust towards another person 
would be candid in publishing those feelings.

Paul E Condon           
pecondon at    
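
The graph from the quoted diagram, worked through as an added example (not code from either poster, from GnuPG, or from the paper mentioned in the thread). The trust values on the edges are constructed, and treating each signature as holding independently with probability equal to its trust value is an assumption of this example.

```python
from itertools import product

# Signatures from the diagram in the thread. The trust values are constructed.
EDGES = {
    ("P1", "P2"): 0.9, ("P1", "P3"): 0.5,
    ("P2", "P3"): 0.8, ("P3", "P2"): 0.8,   # the cross-signature cycle
    ("P2", "P4"): 0.6, ("P3", "P4"): 0.7,
}

def simple_paths(edges, src, dst, seen=()):
    """Yield every cycle-free chain from src to dst as a tuple of keys."""
    seen = seen + (src,)
    if src == dst:
        yield seen
        return
    for a, b in edges:
        if a == src and b not in seen:
            yield from simple_paths(edges, b, dst, seen)

def chain_trust(edges, path):
    """Product of the trust values along one chain, as proposed in the thread."""
    trust = 1.0
    for link in zip(path, path[1:]):
        trust *= edges[link]
    return trust

def reachable(links, src, dst):
    """True if dst can be reached from src using only the given links."""
    stack, seen = [src], {src}
    while stack:
        node = stack.pop()
        if node == dst:
            return True
        for a, b in links:
            if a == node and b not in seen:
                seen.add(b)
                stack.append(b)
    return False

def combined_trust(edges, src, dst):
    """Probability that at least one chain holds (independence is assumed).
    Enumerates all 2^len(edges) outcomes, so only suitable for small graphs."""
    links, total = list(edges), 0.0
    for outcome in product((True, False), repeat=len(links)):
        held = [link for link, ok in zip(links, outcome) if ok]
        if reachable(held, src, dst):
            weight = 1.0
            for link, ok in zip(links, outcome):
                weight *= edges[link] if ok else 1.0 - edges[link]
            total += weight
    return total
```

With these values the four chain products from P1 to P4 sum to 1.634, so they cannot simply be added, while `combined_trust(EDGES, "P1", "P4")` gives 0.809. Dropping P3->P2 to break the cycle gives 0.8018 and dropping P2->P3 gives 0.7082, so the result depends on which link is removed.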
