Web of Trust itself is the problem

Werner Koch wk at gnupg.org
Thu Jan 7 12:40:33 CET 2010

On Thu, 07 Jan 2010 09:36:26 +0000, makrober wrote:

> G/PGP isn't widely used because it does not address adequately the
> real-life operational circumstances of the potential user, and

I still believe that OpenPGP along with PGP 2.1 is the most used data
protection scheme for plain data and email.  We don't have any hard
facts except for problem reports we have seen over more than a decade.
There must be a reason why OpenPGP applications are even sold for
mainframes; they need to exchange data with Unix and PC users.

> On the other hand, WoT brings with it an immense problem for a
> large number of those that need to communicate in secrecy: it is
> providing an adversary with a traffic analysis tool that he can
> only wish for. To state - as those who promote the system in its

That is simply not true.  The only fact you can read from the WoT is
that two persons have met around some date.  That is in most
circumstances not a secret fact; you merely have to look at the list
of attendees of conferences.  The WoT can give you only a clue if you
have only a few signatures on your key.

You can get a better set of data for traffic analysis by monitoring
the keyservers.  However this has nothing to do with the WoT.

> Or - Web of Trust isn't the solution, Web of Trust is the problem.
> Consequently, a WoT "improvement mechanism" such as outlined in
> the presentation is, unfortunately, extremely unlikely to advance
> the adoption of g/pgp.

Until recently almost every mail client simply ignored the key
validity and encrypted anyway.  Yes, that is not as one should do it
but it shows that the WoT is not really used.  The majority of people
don't care.  For example, my key has been around for many years now and for
quite some time it has been one of the top connected keys.  Despite
that I only recently could find a trust path to the keys used to sign
the Linux kernel.  The Linux hackers obviously didn't care about
getting involved in the WoT.  (I am not sure whether this is pro or
contra to your statement ;-)



Thoughts are free.  Exceptions are regulated by a federal law.
