Why CAs or public keysigning?

CL Gilbert Lamont_Gilbert@RigidSoftware.com
Wed Jun 18 20:13:02 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Eugene Smiley wrote:
| CL Gilbert wrote:
|
|>>Your are mixing your analogies. A "weakest link" refers to a
|>>chain, not a web. A chain is only as strong as its weakest link,
|>>but a web is as strong as its strongest strand or "link". If I
|>>have what I consider a strong link between myself and (for
|>>example) Werner Koch, then the number of other paths (or links)
|>>between him and myself are irrelevant. If someone has
|>>intentionally tried to corrupt the Web of Trust, you can snip
|>>that person and all their connections out of the web and still
|>>have a coherent whole. The power of the WoT lies in the fact
|>>that it is a web, and not a chain, and thus every node has
|>>multiple overlapping connections. Remember that the "strength"
|>>of the Web of Trust refers to its degree of interconnectedness,
|>>and not to the number of people inside of it. That is why
|>>keysignings are important: they strengthen the Web of Trust.
|>
|>I am not mixing analogies.  The connection you have to your
|>target is only as strong as its weakest link.  Maybe you have
|>several paths, but each one is no stronger that its weakest link.
|
|
| I think you are confused.
|
I do not believe so.

| A - B
| A - C - B
| A - C - D - B
|
| A - B is the strong link. A - C - D - B is the weak link. If D is
removed it has zero effect on the strong link or the validity of B. The
connection is as strong as it's strongest link A - B.
|

A - C - D - B is not a link.  Its a path.  C - D or D - B etc. is a
link.  The path A - C - D - B is no stronger than any of its components.
~ If you do not have faith that C knows D well, then the whole path ACDB
becomes weak.  This has nothing to do with A - B.

| Now it could be more complicated than that, but it would still be true.
|
| A - X - Y - Z - B          Strongest
| A - X - Y - Z - C - B
| A - X - Y - Z - C - D - B  Weakest
|
| Take out D and the strongest link is still the strongest link. The
connection is as strong as it's strongest link A - X - Y - Z - B.
|
|
|

Well I consider what you are calling a link to be a path.  For me a link
is a connection between 2 signatures, nothing more.  Is their some
official terminology that I am not following here?


- --
Thank you,


CL Gilbert
Free Java interface to Freechess.org
http://www.rigidsoftware.com/Chess/chess.html
"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard." Ecclesiastes 9:16

GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD  19AE 55B2 4CD7 80D2 0A2D
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+8KuMVbJM14DSCi0RAi4LAKCRteSh6E95KvYQrOCBuzMPqMS9YwCgkf6b
RaWuzLXSvNjnzb2hXjTzfXw=
=wrsj
-----END PGP SIGNATURE-----