trust problem

David Shaw dshaw at
Mon Dec 29 16:53:53 CET 2003

On Sat, Dec 20, 2003 at 07:34:24PM -0700, Paul E Condon wrote:

> I think a well thought out trust model is better than a dumbed-down
> model.  At least, the dummy user should be made aware that a more
> complex model is available (that is, of course, if the Prof. can
> convince smart people that the more complex model is actually
> better, and not just more complex)

It's not better if people already have problems understanding the
"dumbed-down" model.  As it happens, GnuPG 1.3 supports the Maurer
trust model (a simplified version with no cycles).  However, this
model isn't that useful given the common uses of PGP and GnuPG.  PGP
has supported the Maurer trust model for years, and I think I've seen
it used all of once.

"well thought out" and "dumbed-down" are the wrong words to use to
describe the trust models available.  The right words are "does it
allow me to express what I want to express?"  The classic PGP trust
model is very well suited for what it is used for - no CA, iffy
connectivity, and everyone deciding for themselves who or what they
will trust to what degree.


More information about the Gnupg-users mailing list