[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Does PGP scale well?



At 4:53 PM 02/11/95, Tom Jones wrote:
>One of the reasons that I consider this to be untrue is my empirical
>experience with two groups that are constantly interested in exactly
>who I am: the government and the credit bureaus.  They both chose to
>use my SSN even though that has all the same attributes of a KeyID,
>except that it is somewhat denser.  Now if this is what happens when
>the real world tries to identify me, why is the KeyID such a bad way to
>identify keys?

It seems like it might be important to note, however, that the government
identification systems are definitely _centrazilized_ modes of information
storage and distribution.  Credit buearues are less obviously centralized,
but still perhaps centralized.  And it could be argued that credit bureaus
would never have used a system like social security numbers for
identification if it hadn't already been in widespread use in the
centralized governmental systems which created it.

This is in sharp contrast to the decentralized mode that we want our
encryption and authorization to function in.  This is for
anti-authoritarian reasons, as well as simply practical reasons.  When the
government is involved, it can mandate that everyone use the system they
are in control of, and they can get the neccesary manpower to actually
implement a centralized system too.  But we don't want to have to trust any
one authority, and we also want a system where everyone does their own work
(like DNS, where every domain has it's own server), if possible.

Conventional wisdom is that PGP is inherently decentralized, and it is, in
a sense, and in it's current web-of-trust model.  But a
social-security-number model of key distribution would definitely _not_ be
centralized.  You are assigned your social security number by a central
authority, and others can look up your social security number by consulting
with that central authority, or with other authorities that have themselves
consulted with the central authority.  That's not a model most of us think
desirable for PGP key distribution.

[It also could be noted that a SSN has some contained meaning, where a PGP
keyid doesn't.  The prefixes on your SSN say what state (and maybe even
what county, I'm not sure) you were born in.  But generally this isn't very
useful information, so this probably isn't an important point.]