From: "W. Kinney" <kinney@bogart.Colorado.EDU>
Date: Sun, 12 Feb 95 09:57:47 PST
To: cypherpunks@toad.com
Subject: Re: the problem that destroyed PGP
In-Reply-To: <199502121727.MAA20000@crypto.com>
Message-ID: <199502121757.KAA12098@bogart.Colorado.EDU>
MIME-Version: 1.0
Content-Type: text/plain



Matt Blaze writes:

> I don't think anyone has suggested there's any one problem that
> "destroys" PGP.  Several people have pointed out a number of problems
> that limit PGP's scalability in various ways.  Its flat key ID
> namespace is one.  Lack of functional modularity is another.  Its
> fixed certification model is still another. 

Certification really does need to be added to the discussion on scaling.
In the sense that I want to be able to download a stranger's key from 
a key server and have some idea of its reliablility, web of trust has
turned out to be a real failure, IMO. There's no "web", rather a large
set of disconnected "islands" of signatures. I'm looking at the latest
keyring from MIT right now, and noticing that most of the keys are
either unsigned or self-signed. The majority of the rest have signatures,
but signatures that are unconnected to me via the web of trust, so that
they are entirely useless. I suspect that my situation is by far the
most common one: the only keys that I have any verifiable authentication
for are ones I've signed myself, or ones that are signed by people 
in my immediate circle. The chain of signatures dies very close to me.

This isn't a criticism of PGP's key certification paradigm -- PGP allows
centralized certification (I see a few keys signed by SLED, for instance),
and it also allows me the flexibility of having mutual certification within
the circle of people I mail regularly. But web of trust _in and of itself_
is not proving to be effective when applied to the problem of providing
reliable key certification on the scale of the internet as a whole. 


                                  -- Will