[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: connecting Uni to the Web O Trust
-----BEGIN PGP SIGNED MESSAGE-----
[email protected] wrote:
(> Black Unicorn <[email protected]> wrote:)
> > (Sigh). I'll say it yet a third time. Get a current copy of my key which
> > is signed by at least three people on the web of trust.
>
> As if this "web of trust" was actually worth something.
It is most certainly worth something, as long as the
participants exercise the necessary measures to detect and
correct any active attacks on it. The primary reason that
the Web O Trust is ineffective at this point is the
prevalence of misunderstandings among users (including
cypherpunks) about its usage and its efficacy.
As an example of these prevalent misunderstandings, I submit
to you the fact that PGP keyservers do not use PGP, either
for encryption or authentication. If you suggest it to them
(or indeed, to most cypherpunks) they will respond that it
would "do no good". Ridiculous.
It's a shame really, since if we _did_ have the wits to
create a Web O Trust now, it would serve to prevent active
attacks in the future.
Hopefully the public key infrastructure people will come up
with something that will replace the WoT and will be more
understandable or acceptable to people.
In the meantime, I cannot have much confidence in the
security of my private communications with Black Unicorn,
which makes me hesitant to exchange money with him.
Unfortunate that cypherpunks are so ineffectual when it
comes to "social engineering" (not in the "social cracking"
sense).
Regards,
Bryce
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2
iQB1AwUBMYSB8kjbHy8sKZitAQEuhwL/YDwOJB9pFP2Fbj0DBMvN8byLm4O3XwTK
klt5SOkS4ahKoE04bzTAMb2HhyX4xGyGxJD/dbB0FxJSHRSpI5Th/6Jk6UNNQrMe
6GppN1HO2yHA5muxNxwWiERk0XGNtaFN
=jMKu
-----END PGP SIGNATURE-----