From: “Perry E. Metzger” <perry@imsi.com>
To: “W. Kinney” <kinney@bogart.colorado.edu>
Message Hash: 048ea09029e45cd450dab67e95ffa61930af959df380e903a738c56248d77965
Message ID: <9502121802.AA19017@snark.imsi.com>
Reply To: <199502121757.KAA12098@bogart.Colorado.EDU>
UTC Datetime: 1995-02-12 18:03:08 UTC
Raw Date: Sun, 12 Feb 95 10:03:08 PST
From: "Perry E. Metzger" <perry@imsi.com>
Date: Sun, 12 Feb 95 10:03:08 PST
To: "W. Kinney" <kinney@bogart.colorado.edu>
Subject: Re: the problem that destroyed PGP
In-Reply-To: <199502121757.KAA12098@bogart.Colorado.EDU>
Message-ID: <9502121802.AA19017@snark.imsi.com>
MIME-Version: 1.0
Content-Type: text/plain
"W. Kinney" says:
> This isn't a criticism of PGP's key certification paradigm -- PGP allows
> centralized certification (I see a few keys signed by SLED, for instance),
> and it also allows me the flexibility of having mutual certification within
> the circle of people I mail regularly. But web of trust _in and of itself_
> is not proving to be effective when applied to the problem of providing
> reliable key certification on the scale of the internet as a whole.
I think the jury is still out on that. Web-of-trust is still really
untested because of the difficulties in widespread deployment of
PGP. As it stands, PGP is still a hacker's toy -- the lack of a
library or an easy to use global key distribution infrastructure mean
that we have yet to see what can be done. I think that mutually
authenticating organizations with small trust pyramids within the
organizations, but without a global key pyramid, may come to prove
very practical.
Perry
Return to February 1995
Return to ““W. Kinney” <kinney@bogart.Colorado.EDU>”