Subject: Re: adding gpg to src/gnu/dist
To: Daniel Carosone <firstname.lastname@example.org>
From: Steven M. Bellovin <email@example.com>
Date: 05/18/2004 08:56:15
In message <20040518023038.GE3452@bcd.geek.com.au>, Daniel Carosone writes:
>So, there are many cats, and they have all been skinned differently,
>but where are we trying to herd them?
Precisely. And that's completely apart from questions of code and
Let me toss out this thought. The PGP model is based on a human
understanding of trust and role relationships. It's easier for a
person to judge whether three hops, all marked as very trusted, are
better than one hop that's sort-of trusted. While it's possible to
automate the calculation, I personally have found the results to be
unsatisfactory. Similarly, role restrictions in PGP are encoded as
human-readable strings in the user name. Thus, examining my key ring I
see that one person has a "[SIGNATURE]" key, while another has a
"SIGNING ONLY" key. I myself use a different key (marked "Jabber key")
for Jabber. In X.509, that sort of distinction (and many other things
about name formats) are explicitly encoded, making it much easier for a
program to check them.
So -- what do we want to be checkable, by whom or what, and in what
sort of environment?
--Steve Bellovin, http://www.research.att.com/~smb