Why CAs or public keysigning?
Wed Jun 18 17:06:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
> If the WoT of a particular
> person you are interested in includes 5000 entries/connections/etc. but
> you do not know any of them, then their trustworthiness == 0. I think
> the WoT is only as strong as its weakest link. With that in mind, party on.
Your are mixing your analogies. A "weakest link" refers to a chain, not a web.
A chain is only as strong as its weakest link, but a web is as strong as
its strongest strand or "link". If I have what I consider a strong link between
myself and (for example) Werner Koch, then the number of other paths (or links)
between him and myself are irrelevant. If someone has intentionally tried to corrupt
the Web of Trust, you can snip that person and all their connections out of the
web and still have a coherent whole. The power of the WoT lies in the fact that
it is a web, and not a chain, and thus every node has multiple overlapping
connections. Remember that the "strength" of the Web of Trust refers to its degree
of interconnectedness, and not to the number of people inside of it. That is
why keysignings are important: they strengthen the Web of Trust.
Deciding whom to trust is a personal decision, but at some point you have to
go beyond meeting people personally and start trusting other people. I've never
met most people in the WoT, but if 5 people I knew signed someone's key, and 30
other people I don't know but who have a path back to me have signed it as well,
I am pretty confident that nothing funny is going on.
Greg Sabino Mullane firstname.lastname@example.org
PGP Key: 0x14964AC8 200306181043
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----