Saturday, December 17, 2005

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

James A. Donald wrote:
From: Werner Koch
You need to clarify the trust model. The OpenPGP
standard does not define any trust model at all. The
standard merely defines features useful to implement a
trust model.

"Clarifying the trust model" sounds suspiciously like
designers telling customers to conform to designer
procedures. This has not had much success in the past.

People using PGP in practice verify keys out of band,
not through web of trust.

James (and Travis, re previous posting on PGP trust model),

Yes. Your observation on out-of-band PGP key verification
is very important and actually exemplifies what Werner
wrote. Exactly because there's no trust model defined
a priori, users can choose the model they want including
one-on-one trust.

This is important because it eliminates the need for a
common root of trust -- with a significant usability

If the web of trust is used, the sender and recipient must
a priori trust each other's key signers, requiring a
common root of trust -- that may not even exist to begin

So, instead of worrying about what trust model PGP uses,
the answer is that you can use any trust model you want --
including a hierarchical trust model as used with X.509.

Jon Callas and I had several conversations on trust in
May '97, when Jon visited me for two weeks while I was
in Brazil at the time, I think before the OpenPGP WG was
even working on these issues. This is one of the comments
Jon wrote in a listserv then, with a great insight that
might be useful today:

As I understand it, then, I've been thinking about some
of the wrong issues. For example, I have been wondering
about how exactly the trust model works, and what trust
model can possibly do all the things Dr Gerck is claiming.
I think my confusion comes from my asking the wrong
question. The real answer seems to be, 'what trust model
would you like?' There is a built in notion (the
'archetypical model' in the abstract class) of the meta-
rules that a trust model has to follow, but I might buy a
trust model from someone and add that, design my own, or
even augment one I bought. Thus, I can ask for a
fingerprint and check it against the FBI, Scotland Yard,
and Sûreté databases, check their PGP key to make sure
that it was signed by Mother Theresa, ask for a letter of
recommendation from either the Pope or the Dalai Lama
(except during Ramadan, when only approval by the Taliban
will do), and then reject them out of hand if I haven't had
my second cup of coffee.

Ed Gerck
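As an added example, not part of the message above nor of any OpenPGP implementation, the following Python sketch shows the point being made: the same keyring can be judged under a one-on-one out-of-band policy, a hierarchical (single root) policy, or a web-of-trust (many peer introducers) policy, and only the first works without a shared root. The key names, fingerprints and signature links are constructed for the demo.

```python
"""Pluggable trust policies over one keyring (added illustration, hypothetical data).

A key is trusted or not depending on the policy the *user* picks; the keyring
itself carries no trust model, only the facts (who signed whom).
"""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Key:
    owner: str
    fingerprint: str
    signed_by: set = field(default_factory=set)  # fingerprints of keys that signed this key


# Constructed sample keyring; fingerprints are short placeholders, not real OpenPGP values.
KEYRING = {
    "ROOT": Key("ca-root", "ROOT"),                 # a would-be common root
    "INT1": Key("ca-intermediate", "INT1", {"ROOT"}),
    "ALIC": Key("alice", "ALIC", {"INT1"}),
    "CARL": Key("carl", "CARL", {"ALIC"}),          # Carl's key signed only by Alice
    "BOB0": Key("bob", "BOB0"),                      # nobody has signed Bob's key at all
}


def trust_out_of_band(fingerprint, verified_fingerprints):
    """One-on-one model: trust iff the fingerprint was confirmed out of band
    (read over the phone, compared on a business card, ...). No third party involved."""
    return fingerprint in verified_fingerprints


def trust_by_introducers(fingerprint, keyring, trusted_introducers, max_depth):
    """Signature-chain model: trust iff a chain of at most max_depth signatures
    leads from a key in trusted_introducers down to the target.

    One introducer plus a fixed depth is a hierarchical (X.509-like) model;
    many peer introducers is the web of trust. Both need the verifier and the
    key owner to share at least one introducer somewhere up the chain."""
    if fingerprint in trusted_introducers:
        return True
    if fingerprint not in keyring:
        return False
    queue = deque([(fingerprint, 0)])
    seen = {fingerprint}
    while queue:
        current, depth = queue.popleft()
        if depth == max_depth:
            continue  # chain would exceed the policy's allowed length
        for signer in keyring[current].signed_by:
            if signer in trusted_introducers:
                return True
            if signer in keyring and signer not in seen:
                seen.add(signer)
                queue.append((signer, depth + 1))
    return False


def evaluate_all(fingerprint, verified_oob):
    """Run the three policies side by side and return a dict of verdicts."""
    return {
        "out_of_band": trust_out_of_band(fingerprint, verified_oob),
        "hierarchical_root": trust_by_introducers(fingerprint, KEYRING, {"ROOT"}, 3),
        "web_of_trust_peers": trust_by_introducers(fingerprint, KEYRING, {"ALIC"}, 2),
    }


if __name__ == "__main__":
    # Bob's fingerprint was read to us over the phone (constructed scenario).
    print("bob :", evaluate_all("BOB0", {"BOB0"}))   # only out_of_band is True
    print("carl:", evaluate_all("CARL", set()))      # only the chain models are True
```

Running it shows Bob trusted solely by the out-of-band policy, since no signer links him to any root, while Carl is trusted by the chain policies but not out of band: which answer is "right" is the user's choice, not the keyring's.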