trust problem

Paul E Condon pecondon at
Tue Dec 30 16:54:08 CET 2003

On Mon, Dec 29, 2003 at 04:53:53PM -0500, David Shaw wrote:
> On Sat, Dec 20, 2003 at 07:34:24PM -0700, Paul E Condon wrote:
> > I think a well thought out trust model is better than a dumbed-down
> > model.  At least, the dummy user should be made aware that a more
> > complex model is available (that is, of course, if the Prof. can
> > convince smart people that the more complex model is actually
> > better, and not just more complex)
> It's not better if people already have problems understanding the
> "dumbed-down" model.  As it happens, GnuPG 1.3 supports the Maurer
> trust model (a simplified version with no cycles).  However, this
> model isn't that useful given the common uses of PGP and GnuPG.  PGP
> has supported the Maurer trust model for years, and I think I've seen
> it used all of once.
> "well thought out" and "dumbed-down" are the wrong words to use to
> describe the trust models available.  The right words are "does it
> allow me to express what I want to express?"  The classic PGP trust
> model is very well suited for what it is used for - no CA, iffy
> connectivity, and everyone deciding for themselves who or what they
> will trust to what degree.
> David

My words that you quote were in response to a post in which the writer
(Adrian von Bidder) objected to something which I suggested as being
too complicated for most users. I took his words to mean that this
objection was his only significant objection to my earlier post. He
pointed me to some papers by Prof. Ueli Maurer, who had worked out a
more complex model in a paper entitled "Modeling a Public Key
Infrastructure". I've learned from that paper that there are, indeed,
some more complex models. In fact, there seem to be a variety of them.

Is this Prof. Maurer the same person to whom you refer? I get the impression
from the paper that he thinks there is more missing from PGP than cycles. 
He calls them, in good academic fashion, something like 'directions for future

My original remarks should be understood as the comments of a student who is
learning. "Wouldn't it be better if ...? " I would like to read a discussion
of the design tradeoffs that went into the GPG model, some discussion of why 
some things are left out (e.g. cycles) and why such omissions are acceptable.

I must say that models based on the existence of a Certificate Authority do
not impress me much. I think of how people using such a system would have
faired during the time of Hitler and Stalin. My favorite bumper sticker is
"Question Authority" . 

Paul E Condon           
pecondon at    

More information about the Gnupg-users mailing list