certificate chain depth

Robert J. Hansen rjh at sixdemonbag.org
Sat Apr 25 21:27:26 CEST 2009


> Hi, I don't wish to be over-simplistic, but I had thought that the web
> of trust was a people thing rather than a mathematical model.

Honestly, it's a little of one and a lot of the other.  The question of
"whom do I trust and why?" is purely a human factor; the question of
"... and given I trust them, what can I deduce to be true?" is a
mathematical question.

> What is trust anyway?

Generally, trust is the ability to break someone's security policy.

E.g., I've given a friend of mine from college, John Hawley, a trusted
signature.  John can now screw over my local security policy.  If I see
a key which John has signed, I'm going to assume that key is valid.  If
John signs keys that aren't valid, he can break my security policy.

This is why most uses of the phrase "trusted system" give security geeks
the heebie-jeebies.  A trusted system is, ironically, more dangerous
than an untrusted system.  An untrusted system has no capability to
break your security policy; a trusted system can.  That means trusted
systems often need to be watched like hawks.

In a similar vein, many Wall Street brokers were trusted with billions
of client money -- and they should have been watched closely as a result
of that trust.
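
A toy model of the deduction step discussed in this message, added here as an illustration; it is not part of the original post and is not GnuPG's own algorithm. It assumes full trust only (no marginal trust), and the key names, `valid_keys` and its `max_depth` parameter are hypothetical.

```python
from collections import deque

def valid_keys(my_key, signatures, trusted, max_depth=5):
    """Return {key: chain depth} for every key deducible as valid.

    signatures: set of (signer, signed) pairs.
    trusted:    keys whose signatures I accept as proof of validity.
    A key is valid if it is mine, or if it is signed by a key that is
    itself valid AND trusted, within max_depth hops of my own key.
    """
    trusted = set(trusted) | {my_key}
    depth = {my_key: 0}
    queue = deque([my_key])
    while queue:
        signer = queue.popleft()
        # Only trusted keys extend the chain; untrusted ones are dead ends.
        if signer not in trusted or depth[signer] >= max_depth:
            continue
        for s, signed in signatures:
            if s == signer and signed not in depth:
                depth[signed] = depth[signer] + 1
                queue.append(signed)
    return depth

# Constructed sample data: "john" is trusted, "carol" is valid but not trusted.
SIGS = {
    ("me", "john"), ("me", "carol"),
    ("john", "alice"),
    ("john", "bogus_bob"),     # a bad signature from a trusted signer
    ("carol", "bogus_dave"),   # a bad signature from an untrusted signer
}
TRUSTED = {"john"}

def demo():
    full = valid_keys("me", SIGS, TRUSTED)
    shallow = valid_keys("me", SIGS, TRUSTED, max_depth=1)
    return full, shallow

if __name__ == "__main__":
    full, shallow = demo()
    print("valid keys and depths:", sorted(full.items()))
    print("with max_depth=1:     ", sorted(shallow.items()))
    # bogus_bob is accepted because a trusted key signed it;
    # bogus_dave is not, because carol has no power over the policy.
```

Auditing the signatures made by the keys in `TRUSTED` is the "watched like hawks" part: those are the only keys whose mistakes show up in the result.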


