From: frantz@netcom.com (Bill Frantz)
Date: Wed, 8 May 1996 13:06:36 +0800
To: Hal <cypherpunks@toad.com
Subject: Re: Transitive trust and MLM
Message-ID: <199605072229.PAA28013@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:50 AM 5/7/96 -0700, Hal wrote:
>Unfortunately we are left with a choice between three not very good
>possibilities: accept transitive trust and hierarchical key CA
>structures; use very flat hierarchies where one signer validates huge
>numbers of keys; or accept that only a small number of keys can be
>validated by key signatures.  I think all these are troublesome and in
>fact it makes me question the whole notion of key signatures.

Some of the solution to this problem may come from the answer to the
question, "What am I trusting the receiver with?"  I can see a number of
possibilities:

(1) I just want an envelope so casual eavesdroppers can't read the mail. 
Given the people Rich Graves has been dealing with, I see this as a
powerful reason to encrypt all private email, just as you might send all
private postal mail in envelopes rather than on postcards.

In this case, I don't need a lot of confidence.  Yes, a man-in-the-middle
(MIM) can read the mail, just as the post office can open the envelope. 
However, the rest of the world won't see it unless the MIM wants to get
caught.  End-to-end, out of band acknowledgements can ensure that the
message gets thru.  (If the people I'm going to the mountains with don't
pick me up, and I got in-band acknowledgements, I WILL suspect a MIM.)

(2) I am sending someone else's secrets to a perfect stranger.  An example
might be sending company confidential information to a researcher another
company R&D center half way around the world.

In this case, I want to get the key from a location approved by the owner
of the secret, making the problem the companies and not mine.

(3) I am sending information which, if released, might cause significant
harm to me or someone close to me.

I can't see sending information of this nature to someone I don't know
really well.  In this case, out-of-band key fingerprint exchanges will work
well.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA