From: frantz@netcom.com (Bill Frantz)
Date: Thu, 30 Nov 1995 10:33:15 +0800
To: Carl Ellison <raph@c2.org
Subject: Re: The future will be easy to use
Message-ID: <199511290808.AAA14767@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 15:30 11/28/95 -0500, Carl Ellison wrote:
>BTW -- PGP currently lacks a way for me to note, when I sign a key, how it
>is that I trust that key (by personal meeting, by attribution, by message
>association, ...).  A signed attribute record would let me record that
>information for myself as well as for others.

There is more to this problem than how it is that I trust the key.  There
is also what I trust it for.  I just added a key to my key ring that I will
use for sending confidental data to a client site.  I trust that no one can
access the secret key who is not also inside their firewall.  However, the
key is on a multi-user system, so I do not trust that it is accessable to
only one person.  Since the data I intend to send will be publicly
available inside the firewall, I don't have to trust more than the
firewall.

It is hard to see how to record the information about how much I trust the
receipent's systems security.

Bill


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz@netcom.com             Los Gatos, CA 95032, USA