From: “W. Kinney” <kinney@bogart.Colorado.EDU>
To: hfinney@shell.portal.com (Hal)
Message Hash: b0176c0d89443a1806ead7f32487a27dc71325066eceb46e8f8f324503df4ef1
Message ID: <199502121933.MAA12403@bogart.Colorado.EDU>
Reply To: <199502121820.KAA04736@jobe.shell.portal.com>
UTC Datetime: 1995-02-12 19:33:39 UTC
Raw Date: Sun, 12 Feb 95 11:33:39 PST
From: "W. Kinney" <kinney@bogart.Colorado.EDU>
Date: Sun, 12 Feb 95 11:33:39 PST
To: hfinney@shell.portal.com (Hal)
Subject: Re: the problem that destroyed PGP
In-Reply-To: <199502121820.KAA04736@jobe.shell.portal.com>
Message-ID: <199502121933.MAA12403@bogart.Colorado.EDU>
MIME-Version: 1.0
Content-Type: text/plain
Hal Finney writes, in regard to web-of-trust:
> But this is not quite right. The fundamental fact about PGP key signatures,
> which is often misunderstood, is this:
>
> You can only communicate securely with someone whose key is signed by a person
> you know, either personally or by reputation.
>
> In other words, if I want to communicate with joe@abc.com, I can only do so
> if one of the signators of his key is a person I know. If not, I have no way
> of judging the validity of his key.
There are, however, degrees of certainty here. The only person I trust
implicitly to sign keys is myself. If I have a key which is separated from
me by more than one hop in the web of trust, but still connected to me
via a chain of signatures, I have more certainty that this key is valid
than I do for an unsigned key. Granted, if I don't know the actual signator
of a particular key, my level of trust in the key's validity is pretty
low, but it's nonzero as long as it's connected by a chain of signatures.
The ease of mounting of a man-in-the-middle attack decreases with increasing
signature connectivity, no?
Of course, the reality is that use of totally unverified PGP keys is
widespread, even among people who are well educated on the subject. This
is not a good thing in the long run.
-- Will
Return to February 1995
Return to ““W. Kinney” <kinney@bogart.Colorado.EDU>”