1996-08-08 - Re: PGP public key servers are NOT useful!

Header Data

From: “Perry E. Metzger” <perry@piermont.com>
To: cypherpunks@toad.com
Message Hash: 4c31721adaa3ef13e51aaaa55bf7788425bf149dc58bc1c9586dc049f9ad13af
Message ID: <199608081351.JAA14923@jekyll.piermont.com>
Reply To: <199608080452.AAA08047@comet.connix.com>
UTC Datetime: 1996-08-08 21:01:41 UTC
Raw Date: Fri, 9 Aug 1996 05:01:41 +0800

Raw message

From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 9 Aug 1996 05:01:41 +0800
To: cypherpunks@toad.com
Subject: Re: PGP public key servers are NOT useful!
In-Reply-To: <199608080452.AAA08047@comet.connix.com>
Message-ID: <199608081351.JAA14923@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Amnesia Anonymous Remailer writes:
> The web of trust just certifies that the key belongs to someone.  If
> you'd read to the end of the message, you would have seen that I was
> not complaining about the key certification process in PGP.  At issue is
> NOT whether a key can be trusted to belong to someone, but whether or
> not random people should be able to tag others' PGP keys with crap.

You still don't get it, do you?

It doesn't matter what random idiots tag onto your key so long as
there is no trust path between the user of the key and the idiot who
tagged stuff on. If someone signs "grand wizard of the KKK" onto your
key, what do you care if no one trusts the signator who attached the
crap?

> What I want to prevent is some person I dislike uploading his
> signature on my key (particularly if he adds another ID to my key and
> signs that).

Why do you care?

> How would you like it if I added a new ID to your key containing sort
> of insult, certified that ID, and uploaded the new signature to the
> key servers.

I wouldn't give a flying rat's buttocks, because unless the signatures
are widely trusted the information is noise.

Perry





Thread