Subject: Re: adding gpg to src/gnu/dist
To: Daniel Carosone <dan@geek.com.au>
From: Steven M. Bellovin <smb@research.att.com>
List: tech-userlevel
Date: 05/18/2004 08:56:15
In message <20040518023038.GE3452@bcd.geek.com.au>, Daniel Carosone writes:
>
>So, there are many cats, and they have all been skinned differently,
>but where are we trying to herd them?

Precisely.  And that's completely apart from questions of code and 
interface quality.  

Let me toss out this thought.  The PGP model is based on a human 
understanding of trust and role relationships.  It's easier for a 
person to judge whether three hops, all marked as very trusted, are 
better than one hop that's sort-of trusted.  While it's possible to 
automate the calculation, I personally have found the results to be 
unsatisfactory.  Similarly, role restrictions in PGP are encoded as 
human-readable strings in the user name.  Thus, examining my key ring I 
see that one person has a "[SIGNATURE]" key, while another has a 
"SIGNING ONLY" key.  I myself use a different key (marked "Jabber key")
for Jabber.  In X.509, that sort of distinction (and many other things
about name formats) is explicitly encoded, making it much easier for a 
program to check them.

So -- what do we want to be checkable, by whom or what, and in what 
sort of environment?


		--Steve Bellovin, http://www.research.att.com/~smb
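
The contrast drawn in the message above, as an added example that is not part of the original post: a program can decode an X.509 keyUsage extension mechanically (bit names from RFC 5280), while for PGP user IDs it can only guess at free text. The function names, regular expression, sample user IDs and sample DER bytes are constructed for illustration; only the three marker strings come from the message.

```python
import re

# X.509 keyUsage bit names, in bit order (RFC 5280, section 4.2.1.3).
KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign",
                  "cRLSign", "encipherOnly", "decipherOnly"]

def x509_key_usage(ext_value: bytes) -> set:
    """Decode the DER BIT STRING carried in a keyUsage extension value."""
    if len(ext_value) < 3 or ext_value[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = ext_value[1]
    if length >= 0x80 or length != len(ext_value) - 2:
        raise ValueError("unexpected length encoding")
    unused, payload = ext_value[2], ext_value[3:]
    if unused > 7 or (not payload and unused):
        raise ValueError("bad unused-bit count")
    nbits = len(payload) * 8 - unused
    return {name for i, name in enumerate(KEY_USAGE_BITS)
            if i < nbits and payload[i // 8] & (0x80 >> (i % 8))}

def may_sign(ext_value: bytes) -> bool:
    """Exact answer: the certificate either asserts the bit or it does not."""
    return "digitalSignature" in x509_key_usage(ext_value)

# Hypothetical heuristic: nothing standardises these user ID strings, so
# every new spelling needs another pattern.
SIGN_HINTS = re.compile(r"\[signature\]|\bsign(ing)?[ -]only\b", re.I)

def pgp_uid_role_guess(user_id: str):
    """Guess a role from free text in a PGP user ID; None means unknown."""
    return "signing" if SIGN_HINTS.search(user_id) else None

# Constructed samples: names and addresses are made up.
SAMPLE_UIDS = ["Alice Example [SIGNATURE] <alice@example.org>",
               "Bob Example (SIGNING ONLY) <bob@example.org>",
               "Carol Example (Jabber key) <carol@example.org>"]
SAMPLE_KEY_USAGE = bytes.fromhex("03020780")  # digitalSignature only

if __name__ == "__main__":
    for uid in SAMPLE_UIDS:
        print(uid, "->", pgp_uid_role_guess(uid))
    print(sorted(x509_key_usage(SAMPLE_KEY_USAGE)), may_sign(SAMPLE_KEY_USAGE))
```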