Trust, but verify
Posted Feb 22, 2010 11:45 UTC (Mon) by dkg
Parent article: Trust, but verify
Thanks for the writeup, Jake! A comment about terminology. You wrote:
In practice, if Adam signs Bonnie's key, and Clarisse trusts Adam, that means that Clarisse can trust Bonnie's key. Whether Clarisse should trust David's key, which is signed by Bonnie, depends to a large extent on how much she trusts Adam.
if Adam has published a trust signature for Bonnie saying that she is fully trusted by him, and Clarisse fully trusts Adam (publicly or privately), she is likely to trust David's key.
Statements like the above get confusing pretty fast because you're using the term "trust" in two very different ways. You're not the first to do this -- the gnupg documentation itself conflated these ideas until relatively recently.
In trying to clarify what's happening here, I prefer to drop the (abused) term "trust" altogether, and instead use two separate ideas: "ownertrust" and "calculated validity":
- Ownertrust answers a question about a key. It answers the question "How much do I think I can rely on certifications issued by the person (or persons) who control this key?"
- Calculated validity answers a question about a (key, user ID) pair. It answers the question "How strongly do I believe that this key belongs to someone with the given User ID?" ("with the given User ID" usually means "with the given real name and e-mail address" in the case of people, or "the ssh or https service at a given hostname" in the case of service User IDs)
Web of Trust-based cryptosystems like OpenPGP use a person's explicitly-stated ownertrust to help them automatically calculate the validity of a key for its User ID.
Thanks also for your highlighting the usability point. Modern tools have done a terrible disservice to ordinary users. We offer all kinds of flashy nonsense, but have done very little to offer intelligible, critical information like "your daughter Amanda (who understands these things) confirms that this is in fact the web site of the credit union you both use, and not a scam." I'd love to see that change.
As more of our society moves online, normal people need functional tools to help them manage their digital identity. People can make good choices when they're asked in a context and a framing that they understand.
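The ownertrust / calculated validity distinction from the comment above, as an added example that is not part of the original comment and not GnuPG's code: a simplified sketch of the classic Web of Trust calculation in Python. Assumptions: GnuPG's default thresholds (one fully trusted or three marginally trusted certifiers), no trust signatures or depth limit, one User ID per key, Clarisse has certified Adam's key herself, and all function and key names are hypothetical.

```python
# Simplified sketch of the classic Web of Trust calculation. Thresholds follow
# GnuPG's defaults; key names and the certification graph are constructed.
FULL, MARGINAL, NONE = "full", "marginal", "none"
COMPLETES_NEEDED, MARGINALS_NEEDED = 1, 3

def calculated_validity(me, certifications, ownertrust):
    """Return the set of keys whose binding to their User ID is valid for `me`.

    certifications: set of (signer, signee) pairs, "signer certified signee".
    ownertrust:     dict key -> FULL/MARGINAL/NONE, assigned explicitly by `me`.
    """
    valid = {me}                      # my own key is valid by definition
    changed = True
    while changed:                    # repeat until no further key becomes valid
        changed = False
        for key in {s for _, s in certifications} - valid:
            # Only certifications made by already-valid keys count, weighted
            # by the ownertrust I assigned to the certifier.
            signers = [a for a, b in certifications if b == key and a in valid]
            full = sum(1 for a in signers
                       if a == me or ownertrust.get(a, NONE) == FULL)
            marginal = sum(1 for a in signers
                           if ownertrust.get(a, NONE) == MARGINAL)
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                valid.add(key)
                changed = True
    return valid

# Constructed scenario: Clarisse certified Adam (assumption), Adam certified
# Bonnie, Bonnie certified David.
CERTS = {("clarisse", "adam"), ("adam", "bonnie"), ("bonnie", "david")}

def scenario(ownertrust):
    """Validity as seen by Clarisse for a given ownertrust assignment."""
    return calculated_validity("clarisse", CERTS, ownertrust)

if __name__ == "__main__":
    # Ownertrust in Adam makes Bonnie's key valid but says nothing about David.
    print(sorted(scenario({"adam": FULL})))
    # David's key becomes valid only once Clarisse assigns ownertrust to Bonnie.
    print(sorted(scenario({"adam": FULL, "bonnie": FULL})))
```

In this model, Bonnie's key being valid and Bonnie being relied on as a certifier are separate inputs, which is why David's validity turns on the ownertrust Clarisse assigns to Bonnie.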