From: Steve Reid <root@edmweb.com>
Date: Thu, 9 May 1996 15:55:27 +0800
To: cypherpunks@toad.com
Subject: Re: Transitive trust
Message-ID: <Pine.BSF.3.91.960508152010.283A-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


Submitted for your (dis)approval...

-----BEGIN PGP SIGNED MESSAGE-----

> And beliefs are in some sense what we are really talking about. There is no
> simple scalar quantity called "trust" (at least not one I can imagine), but
> different agents will have different beliefs about different things. One
> set of beliefs about signatures on keys has a lot of similarities to the
> "web of trust." In fact, imagine this "diminishing wavefront of belief"
[butchered for brevity]
> Can this be more mechanized? Can numbers be attached, and perhaps
> propagated? (I mentioned "diminishing wavefront of belief," because
> implicit in this viewpoint, inevitably (and rightly, I think), is the
> notion that "distant relations" have low probabilities of belief, all other
> things being equal.

I think we need to make a distinction between belief in identity and trust
in competence. Currently, signing a key *only* means that you believe that
the person is who they say they are. It should also be possible to state
that you believe a person is competent enough to use proper care when
signing other keys.

Obviously, you wouldn't competence-sign someone's key unless you've known 
them for quite some time. The "competence web-of-trust" would grow very 
slowly. This competence-web-of-trust would have to remain tightly-knit, 
as you wouldn't want to trust anyone more than a couple links down the 
chain.

While the web-of-competence would grow slowly, this small group of people 
could identity-sign a lot of keys.

I know this might sound a bit like a hierarchical structure of trusted 
people (which it *could* be) it's really more like a web, and anyone 
could create their own web-of-competence, and the webs could eventually 
be linked together.

Creating a web-of-competence would take a long time, and a lot of effort. 
But, signing could actually become a paid service, which would give people 
incentive to gain trust (by being paranoid when it comes to key signing). 
The most widely trusted people could charge significant amounts of money 
for the time needed to verify a person's credentials. Of course, there 
aren't currently many people out there worth paying an arm and a leg to 
get them to sign your key, but I could see people paying $5-$500 to have 
their key identity-signed by someone like PRZ.

Having a key competence-signed by someone like PRZ would obviously cost a
lot more than identity-signing, since it would take a lot more time to
gain that much trust. It would not be unlike paying for an education, and
with identity-signings being worth $5-$500 or more, it could be a
worthwhile investment. Having a key competence-signed by more than one
person would increase the value of your key, and once there are a couple
good signatures on your key, other people would be more willing to
competence-sign it, because there would be less risk involved (risk to
their reputation).

There would probably have to be more than one level of competence signing.
It should be possible to say "I trust this person to use care when
identity-signing other keys", and it should also be possible to say "I
trust this person to use care when competence-signing other keys". That
second type of signature would be *very* valuable, and it would be
necessary to have that and possibly even higher levels of trust in order
to make the web-of-competance a reasonably large size. 

When you sign a key, you are placing your reputation on the line, so you 
must be certain that the level of trust you're placing is appropriate. 
But what happens when someone goes rogue and ignores credentials, and 
signs keys of anyone who is willing to pay the price? You would regret 
signing the rogue person's key. So, IT SHOULD BE POSSIBLE TO REVOKE 
TRUST, in order to protect your own reputation.

PGP currently only allows a person to revoke their own key. Most people 
would revoke their key if it were stolen, to protect their own 
reputation. However, some people may be unwilling or unable to revoke 
their own key, and if you signed that key, your reputation may be 
affected. Clearly, it should be possible to remove your signature from 
someone's key.

Revoking trust has it's own little problem: Some people might accept cash
and sign a key, then revoke the trust in the key, keeping the cash. 
Easily fixed: the people who have signed the con man's key could revoke
the trust in that key, bringing an abrupt end to the con man's 
key-signing days.

What it all comes down to is reputation. Protect your reputation, and 
you could make a living on your reputation alone.


======================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)     |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/  |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E6 8C09EC52443F8830 |
|               -- Disclaimer: JMHO, YMMV, IANAL. --                 |
====================================================================:)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQEVAwUBMZEckdtVWdufMXJpAQFSwAgAnhCALlQdfyYJ+Cp3WSXqMiOLG8ubtFJB
jUWyXyd3T0u8RxwraIq4emxW4HZZNMBNKet4rZzkA9VqAZ3+p9337jUS6XBuE56V
IRLhQy80TyrqwQVpSKXXOmPlZdmhzAF/OJE4LZF4gMh5RIANFTUXzBkVSJ8FsB1C
KXjgzk1E+5hdQ0FrwaAc9LIrq6UokhO7pIKb5tlmntXHhtDm+yLpm5QvrCxwnBad
3KlxAtWvQYVQTb5a9bhgnFXVRDjh/lQ1bxncJ1ap1oJP0E6nMfHq282G8UxnrUuY
qyksNGJDgWElExzXKntdyqP+bOiIn4jwVyjBcrBZS9V3GxWOPZz4ew==
=Z66X
-----END PGP SIGNATURE-----