Interesting how people skipped my argument entirely...
Posted Feb 19, 2010 7:40 UTC (Fri) by
khim (subscriber, #9252)
In reply to:
Good idea, but don't expect too much by martinfick
Parent article:
Trust, but verify
Your examples are not typically considered "central authorities".
Because people like to feel they are free and ignore reality, or why?
There are many supermarkets and many independent supermarket
companies, not very central. But even then, many do refuse those
"authorities" and I wouldn't call those who refuse to shop in supermarkets
"stupid".
I never said they are. I said that it's a stupid goal to try to make
everyone refuse central authorities and use small local shops instead. This
model just does not scale. Your doctor has a license, your car dealer has a
license, your electrician has a certificate, etc. - these are your "central-
authority issued certificates". Some have self-signed certificates (your
friend who has no licenses at all but does terrific work fixing computers,
for example), but most use "central authorities". You can decide to ignore
some central authorities (like you can choose to ignore CNNIC), but it's
not possible and not feasible to ignore all of them.
Clearly recommendations play a huge role in the real world,
usually a bigger one than central authorities, so why would you think they
should not translate well to the computer world?
Recommendations are absolutely important. Vital, even. But Web-of-Trust
is not that. It's a complex technical tool designed to automatically
determine if you should trust someone or not. Most people have neither the need
nor the ability to properly use it.
But in reality, the central authority model really is just a
small piece of the web of trust model, wouldn't it be nice to extend that
web of trust to smaller entities also?
KISS principle. The web-of-trust model is complex and opaque; the central
authority model is simple and transparent. In security it's often better to
have a simple and rigid model rather than a complex and flexible one. It's OK
to have some web-of-trust advisory (like the phishing filters employed by
modern browsers), but to try to replace the central authority model with
this... it's neither feasible nor desirable.