Re: Transitive trust and MLM
> That sounds sincere coming from someone who calls himself "eli+" :-)
Nah, that would be "eli++". Or better, "++eli". Actually, this keeps
CMU's overly-clever mail system from delivering my mail to an "Edward
Lawrence Immelmann" -- it prefers initials to login names.
> > It's true that you don't need to talk to everybody. The problem is
> > that I might want to talk to people whom I don't know personally, but
> > know by reputation, or by function ("DEA Rat Hotline" -- well, maybe
> > not).
>
> Yes, that is a problem. That problem is one of the reasons that public key
> encryption was invented, actually.
But PK doesn't make the key distribution problem go away. This thread
has been about a particular approach to PK key distribution, the web
of trust, and how to model its behavior.
> The way to know whether an untrusted key really belongs to someone is to
> wait for the response. Which means don't spill all the beans at once.
Generally insufficient. If someone is going to go to the trouble of a
key-substitution attack, they're going to take the time to compose a
plausible response. This approach is useful if the intended recipient
*is* well-known to you.
--
Eli Brandt
[email protected]