Web of Trust itself is the problem

makrober makrober at gmail.com
Thu Jan 7 14:30:28 CET 2010

Greg Sabino Mullane wrote:

>> But the rest of the "Why isn't [it] used" is plain wrong.
>> G/PGP isn't widely used because it does not address adequately the
>> real-life operational circumstances of the potential user, and
>> Web of Trust is the main culprit. It brings an enormous burden...
> You're disregarding the other major use of the WoT, which is
> authentication.

A public key communication system such as gnupg can have three,
somewhat related but to the user very distinct purposes:

1) secrecy of communication
2) authentication of the public key of message recipient.
3) non-repudiation of the content by its sender.

To a cryptographer, all three may seem equally important. In practice,
they are not: the first one is of extreme importance and cannot be
substituted by any means outside of the system. The second not only
can be achieved by methods that operate in addition to or outside of
the system, but it is, for various reasons I outlined before, sometimes
(or perhaps even often?) desirable to do so. Finally, the third
(I believe this is what you refer to above?) is, in practical terms,
an extremely rare requirement when compared to the first one.

If the above is the case, making a system very hard to use because of
secondary objectives which are either hardly ever of real use
(non-repudiation) or likely/preferably achieved by other means better,
can't be conducive to the wide adoption of such a system.


