1996-05-15 - Re: Transitive trust and MLM

Header Data

From: Eli Brandt <eli@UX3.SP.CS.CMU.EDU>
To: cypherpunks list <cypherpunks@toad.com>
Message Hash: 08a5849d0bc8736280682d1f0c1bc1de3864d046afff9f9fe630306a02c0a166
Message ID: <199605142031.NAA19800@toad.com>
Reply To: <Pine.GUL.3.93.960513225226.19375C-100000@Networking.Stanford.EDU>
UTC Datetime: 1996-05-15 07:53:50 UTC
Raw Date: Wed, 15 May 1996 15:53:50 +0800

Raw message

From: Eli Brandt <eli@UX3.SP.CS.CMU.EDU>
Date: Wed, 15 May 1996 15:53:50 +0800
To: cypherpunks list <cypherpunks@toad.com>
Subject: Re: Transitive trust and MLM
In-Reply-To: <Pine.GUL.3.93.960513225226.19375C-100000@Networking.Stanford.EDU>
Message-ID: <199605142031.NAA19800@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> That sounds sincere coming from someone who calls himself "eli+" :-)

Nah, that would be "eli++".  Or better, "++eli".  Actually, this keeps
CMU's overly-clever mail system from delivering my mail to an "Edward
Lawrence Immelmann" -- it prefers initials to login names.

> > It's true that you don't need to talk to everybody.  The problem is
> > that I might want to talk to people whom I don't know personally, but
> > know by reputation, or by function ("DEA Rat Hotline" -- well, maybe
> > not).
> 
> Yes, that is a problem. That problem is one of the reasons that public key
> encryption was invented, actually.

But PK doesn't make the key distribution problem go away.  This thread
has been about a particular approach to PK key distribution, the web
of trust, and how to model its behavior.

> The way to know whether an untrusted key really belongs to someone is to
> wait for the response. Which means don't spill all the beans at once.

Generally insufficient.  If someone is going to go to the trouble of a
key-substitution attack, they're going to take the time to compose a
plausible response.  This approach is useful if the intended recipient
*is* well-known to you.

--
   Eli Brandt
   eli+@cs.cmu.edu




