Why CAs or public keysigning?

Dennis Lambe Jr. malsyned@cif.rochester.edu
Wed Jun 18 18:18:03 2003

Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Wed, 2003-06-18 at 11:08, Peter L. Smilde wrote:
> My problem is different: even WHEN I trust that they have checked a
> person, I cannot be sure that they checked the person I want to
> communicate with. This problem occurs as soon as duplicate names are
> possible.

Without the WoT, I could be anyone.  With the WoT, I could be anyone
named Dennis Lambe Jr.  The WoT does not completely eliminate the
problem of misrepresentation, but it makes it millions of times less
likely.  Non-uniqueness of names in the Real World does add a little
uncertainty to the PGP trust model, but it is a very small amount.

Without a trust model, all I would need to do to intercept your
communications with "Bob" would be to generate a key with a "Bob" UID
and get you to put that key in your keyring.  With the WoT, I'd have to
find someone named "Bob" (or with a sufficiently convincing photo ID
stating that he was "Bob", corrupt him, convince him to attend several
keysigning parties, and then get you to put that key in your keyring.=20
By the time I've done that, you and Bob have probably long since
exchanged valid public keys and begun communicating securely.

So basically, if you have an enemy powerful enough to find and control
people with the same names as everyone you will communicate with before
you resolve to communicate with them, you need a stronger trust model
than the WoT.  But if your enemy's that powerful, he's probably just
going to pay one guy to install a spy program (such as a keylogger) on
your computer or "Bob"'s or circumvent your protections in one of the
other far more conventional and effective ways.

I do hope someone will correct me if I'm totally off-base, but I don't
see how the non-uniqueness of human names does very much to diminish the
effectiveness of the WoT.

--Dennis Lambe Jr.

Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

Version: GnuPG v1.2.2 (GNU/Linux)
Comment: My public key is available at http://cif.rochester.edu/~malsyned/public_key.html