Why CAs or public keysigning?

Joseph Bruni jbruni@mac.com
Thu Jun 19 03:25:02 2003

Hash: SHA1

The odds of you knowing someone who knows someone you know (three 
steps) are surprisingly high (at least in the US). I believe at last 
check the odds were around 1:100. Given that, you may receive a key 
that has been signed by someone you know or at least trust to verify 
the key in question.

Just because a key is signed with 100 signatures of people you don't 
know means nothing to you. But if one of those 100 signatures is by 
someone you know and trust -- that key is valid to you.

"Trust", in the PGP sense, is a personal, subjective level you assign 
to a person (represented by their key) when you know they 
conscientiously verify keys.

"Validity" is a measure of a key's authenticity based on the trust of 
attached signatures.

Personally, I assign no trust to anyone, because I have yet to meet 
anyone as conscientious in verifying keys as I am. Surely, there are, 
but I don't know them yet. Should I meet and observe someone verifying 
keys on a consistent basis over a period of time, I will increase their 
trust level, but for now, I only consider valid those keys which I have 
personally verified and signed.

Think of a trusted person as equivalent to a notary public. Just as a 
State considers valid those documents witnessed and signed by a notary 
public, so would you consider valid those keys signed by those you 
trust. In the WoT model, it's not a matter of the State granting trust, 
it's you.

Regarding public key signing parties, all they do is increase the odds 
that you encounter a key signed by someone you trust. A CA is just 
another "trusted" third person.

On Wednesday, June 18, 2003, at 04:15 AM, Peter L. Smilde wrote:

> But what, when I (or my trustworthy friends) don't have direct contact
> with a person and his key has only been signed by CAs or by persons he
> only has met on a public keysigning-party (case 4)? That means that his
> key has been signed by persons, that I cannot ask personally if the
> person they checked really is the person I expect him to be (like case
> 2) and I cannot recognise any relationship to him (like case 3).
Version: GnuPG v1.2.2 (Darwin)