Web of Trust itself is the problem

Faramir faramir.cl at gmail.com
Mon Jan 11 04:57:36 CET 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Robert J. Hansen escribió:
...
> Crypto is not like this.  Sure, you don't need to understand Feistel
> networks or large number theory in order to use crypto, but look at what
> you *do* need to understand:
> 
> * Identity verification
  I think I understand it.

> * Document verification
  I hope I understand it.

> * What a hash is
  I understand it.

> * How hashes are used
  I think I understand it.

> * How hashes are misused and shouldn't be used
  Ehh... I've never thought about it. How they should not be used?

> * Out-of-band verification
  I think I understand it...

> * Type I versus Type II error
  I don't have any idea about this, can you please clarify it?

...
> As an example, a fairly tech-savvy friend of mine made a habit of
> signing all her emails.  Her reasoning was, "if people ever see a
> message that's not signed, they'll know it's not from me."  This
> reasoning sounds good, and many people on this list would probably agree
> with it.  The problem is that it's incorrect.
> 
> If someone using her name were to post a racist, hate-filled screed on
> the internet, would she really be able to persuade people she didn't
> write it just by saying "look, I didn't sign it"?  Or would her critics
> say, "of course you didn't sign it, you wanted to be able to deny
> writing it!"?

  I get your point. However, people should be considered innocent until
proven guilty. Of course if we talk about racism, paedophilia or drugs
traffic, people is guilty even if they have been dead for years before
the incident.

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJLSqGwAAoJEMV4f6PvczxAfckIAJqXGBlfoTd5Gq92/nFv63oZ
qcD/3oHHTxxc7OfRHkiU+wOc0vscOcxnraIe+KPsdqexpiEou7Z0gI9QxwqMMJaF
dXR13zqO6kKd687UINfiXurr2rEoT8u9EXpyW1me44yaIsXuyST/Apr2VhLBeomq
sQg4nOUm4d8/zPl3HXq2siMAHLgjGM7RnaqoMOHfcDD6Yl/0UNesQ67RHMlktBGm
DKfXDTztAyMec1GDnrkLTovER7wBwMRFPQPDZk+rzoy7zZXRvuUZSQ18WMDcDQEo
DA7oSGED5PmKGl+70hUHcprYcszp6ditvnxe0cWEyZvnKgAJfCPSncNDTes+pPY=
=zY0v
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list