[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The future will be easy to use



On Mon, 27 Nov 1995, James A. Donald wrote:

> At 03:30 PM 11/28/95 EST, Carl Ellison wrote:
> > Of course.  This isn't the base case.  We would have some keys which I sign
> > based on my own personal knowledge; things handed to me by people I know;
> > some possibly published in the paper where the real key owner would see the
> > claim and be able to contest it.
> 
> You are making the same erroneous assumption that Phil made when he
> designed the Web of trust:  You assume that it is important and 
> interesting to link key ID's to physical bodies.  This is usually
> not the case:  Linking key ID's to home web pages etc is not only 
> easier -- it is also usually more interesting and important.

Not if you're encrypting a Credit Card transaction to ship physical 
goods.  In that case, I'm going to certainly want to link a key ID to a 
physical body (or at least address) if I'm the seller, so as to limit 
liability as best I can.

While this might not ultimately be important, early adopters of crypto on 
the net seem in general to be financially interested with an eye to limiting 
liability. They want linked keys.

There's a public-relations aspect to crypto which most systems not 
linking name -> key id fail.  This is the step necessary to get it out 
the door.

Unfortunately, it also appears counter to CP philosophy.

However, if you have optional linking of ID and name, shippers will only 
ship to keys with such attributes. Because just ID and address, it could 
be a "hit and run" type attack shipped to a safe maildrop.

Jon
------------------------------------------------------------------------------
Jon Lasser                <[email protected]>            (410)494-3072 
          Visit my home page at http://www.goucher.edu/~jlasser/
  You have a friend at the NSA: Big Brother is watching. Finger for PGP key.