Relevance of PGP?
John Abreau
jabr-mNDKBlG2WHs at public.gmane.org
Sun Jun 12 20:01:24 EDT 2011
The point I'm trying to make is that automation is similar to simplification.
As Albert Einstein used to say, "Everything should be made as simple
as possible, but no simpler". When you oversimplify something, you
essentially destroy a fundamental part of it.
The same concept applies to automation. We don't want to be required
to do something manually, or hire someone to do it for us, if it can be
automated. But something that cannot be automated without sacrificing
a critical part of its essence should not be automated. And my gut feeling
is that when you try to automate the trust model, there's a serious danger
that you could recreate weaknesses similar to what we see in the SSL
infrastructure.
Maybe there are parts of it that can be safely automated, but I'd want to
examine the implementation long and hard to make sure they were safe.
On Sun, Jun 12, 2011 at 5:02 PM, Anthony Gabrielson
<agabrielson1-Wuw85uim5zDR7s880joybQ at public.gmane.org> wrote:
>
>
> On Jun 12, 2011, at 4:50 PM, John Abreau wrote:
>
> If you don't like the web-of-trust model at all, then instead of extending it,
> you can replace it entirely. Either way, I'm just saying that a distributed
> model where you choose who to trust, or choose who to delegate decisions
> about trust, is better than a model where everyone in the world is effectively
> compelled to trust the One True Authority.
>
> Agreed. I think a decentralized model is ideal. If one central server
> is compromised, the network as a whole should not be dead.
>
> If someone compromises your lawyer who you trust to manage your
> PGP keys, you need to change your lawyer and your keys' trustdb.
> You should be able to hire a PGP "locksmith" to audit and clean up
> your keyrings.
>
> I think a web-of-trust (note: not the current one) can do that for you. PGP
> provides you with a public key and private key, who cares who has your
> public key. So if I want to send an email to you - my computer should be
> able to ask yours for it. There is a little bit of infrastructure involved,
> like Kerberos, but if my key server gets hacked the results are a lot less
> dire and easier to clean up. I don't necessarily think we need to hire
> people to do things that should be handled automatically.
>
> If someone compromises Verisign's top-level root certificates, you need
> to change your top-level SSL authority. How many independent top-level
> certificate authorities are there? My understanding is that all of them are
> heavily dependent on Verisign, and none of them can truly be considered
> independent. If my understanding is correct, then there is no other
> authority that can replace Verisign.
>
> I think the very idea of a root level certificate is a loser. It's one of my
> main gripes against DNSSEC. They are essentially saying you need to trust
> them and they give you no visibility at all. If they are compromised or
> paid to do something (by say a government) the users may have no visibility.
> Have you followed Blackberry in India? If so I think you will see I'm not
> stretching at all.
>
>
--
John Abreau / Executive Director, Boston Linux & Unix
AIM abreauj / JABBER jabr-iMZfmuK6BGBxLiRVyXs8+g at public.gmane.org / YAHOO abreauj / SKYPE zusa_it_mgr
Email jabr-mNDKBlG2WHs at public.gmane.org / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99