Why CAs or public keysigning?

Eugene Smiley eugene@esmiley.net
Wed Jun 18 15:39:02 2003

Hash: SHA1

Peter wrote:
> The WoT clearly is not responsible for unique identification =
> persons. But when I want to communicate securely with a =
person, I
> need this unique identification. In case 1, 2 and 3 this
> identification is given with varying quality. In case 3 even =
> help of the WoT. But in case 4 this unique identification is
> missing, and I can only solve this by direct contact with the=
> owner. But then I could much more easily ask him for his
> fingerprint myself, so I don't need the signatures of CAs or
> "public keysigners" anymore...

I think this is a good time to refer to what Phil Zimmerman =
said. "I feel like I've created a monster...things can get =
paralyzed by excessive analness," and "If you're in a situation=
 where your threat model is powerful adversaries who are going =
to put forth a focused attack, you have to use formal methods. =
If you impose those same standards on everyone's uses, =
[however], you end up where we are today, where only a thin =
slice of the e-mail pie gets encrypted."

It sounds like you don't trust the WoT, which is fine. There is=
 no rule in the use of encryption that says you must trust any =
signature of any person whom you don't know personally. That =
would be high up in the formal methods list.

That means under the rules that you have created for trusting =
keys, CA's and keysigning parties aren't a useful venue for =
gathering signatures.

Where CA's are valuable are in situations where a large group =
of people with something in common can't sign each others' =
keys. For example if IBM started to use OpenPGP, they could =
setup a CA, with a trusted introducer in each location's HR or =
IT department. This would make it easier for Alice in NY to =
trust that Bob in Chicago works for IBM. This may or may not be=
 valuable to you or anyone outside of IBM. Again it depends upon=
 the rules that you go by.

Version: GnuPG v1.2.1 (MingW32) - GPGrelay v0.92