Re: Transitive trust
Submitted for your (dis)approval... -----BEGIN PGP SIGNED MESSAGE-----
And beliefs are in some sense what we are really talking about. There is no simple scalar quantity called "trust" (at least not one I can imagine), but different agents will have different beliefs about different things. One set of beliefs about signatures on keys has a lot of similarities to the "web of trust." In fact, imagine this "diminishing wavefront of belief" [butchered for brevity] Can this be more mechanized? Can numbers be attached, and perhaps propagated? (I mentioned "diminishing wavefront of belief," because implicit in this viewpoint, inevitably (and rightly, I think), is the notion that "distant relations" have low probabilities of belief, all other things being equal.
I think we need to make a distinction between belief in identity and trust in competence. Currently, signing a key *only* means that you believe that the person is who they say they are. It should also be possible to state that you believe a person is competent enough to use proper care when signing other keys. Obviously, you wouldn't competence-sign someone's key unless you've known them for quite some time. The "competence web-of-trust" would grow very slowly. This competence-web-of-trust would have to remain tightly-knit, as you wouldn't want to trust anyone more than a couple links down the chain.
While the web-of-competence would grow slowly, this small group of people could identity-sign a lot of keys. I know this might sound a bit like a hierarchical structure of trusted people (which it *could* be), but it's really more like a web, and anyone could create their own web-of-competence, and the webs could eventually be linked together.
Creating a web-of-competence would take a long time, and a lot of effort. But, signing could actually become a paid service, which would give people incentive to gain trust (by being paranoid when it comes to key signing). The most widely trusted people could charge significant amounts of money for the time needed to verify a person's credentials. Of course, there aren't currently many people out there worth paying an arm and a leg to get them to sign your key, but I could see people paying $5-$500 to have their key identity-signed by someone like PRZ. Having a key competence-signed by someone like PRZ would obviously cost a lot more than identity-signing, since it would take a lot more time to gain that much trust. It would not be unlike paying for an education, and with identity-signings being worth $5-$500 or more, it could be a worthwhile investment.
Having a key competence-signed by more than one person would increase the value of your key, and once there are a couple good signatures on your key, other people would be more willing to competence-sign it, because there would be less risk involved (risk to their reputation).
There would probably have to be more than one level of competence signing. It should be possible to say "I trust this person to use care when identity-signing other keys", and it should also be possible to say "I trust this person to use care when competence-signing other keys". That second type of signature would be *very* valuable, and it would be necessary to have that and possibly even higher levels of trust in order to make the web-of-competence a reasonably large size.
When you sign a key, you are placing your reputation on the line, so you must be certain that the level of trust you're placing is appropriate. But what happens when someone goes rogue and ignores credentials, and signs keys of anyone who is willing to pay the price? You would regret signing the rogue person's key. So, IT SHOULD BE POSSIBLE TO REVOKE TRUST, in order to protect your own reputation.
PGP currently only allows a person to revoke their own key. Most people would revoke their key if it were stolen, to protect their own reputation. However, some people may be unwilling or unable to revoke their own key, and if you signed that key, your reputation may be affected. Clearly, it should be possible to remove your signature from someone's key.
Revoking trust has its own little problem: Some people might accept cash and sign a key, then revoke the trust in the key, keeping the cash. Easily fixed: the people who have signed the con man's key could revoke the trust in that key, bringing an abrupt end to the con man's key-signing days.
What it all comes down to is reputation. Protect your reputation, and you could make a living on your reputation alone.
======================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)     |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/  |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E6 8C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, IANAL. --                      |
====================================================================:)
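An added example, not part of the original post, that models the scheme proposed in the message above: identity signatures, two levels of competence signature, a limit on chain length, and revocation of a single signature by its signer. The level numbering, the depth limit of two links and every name in the sample data are assumptions made for illustration.

```python
from collections import deque

# Signature kinds (numbering is an assumption of this example):
IDENTITY = 0     # "this key belongs to who it says"
INTRODUCER = 1   # "...and I trust them to use care when identity-signing"
META = 2         # "...and I trust them to use care when competence-signing"

# Constructed sample web: (signer, subject, kind). All names are hypothetical.
SIGS = [
    ("me", "alice", META),
    ("alice", "bob", INTRODUCER),
    ("bob", "carol", IDENTITY),
    ("carol", "dave", IDENTITY),      # carol holds no competence signature
    ("alice", "rogue", INTRODUCER),
    ("rogue", "mallory", IDENTITY),
]

def evaluate(root, sigs, revoked=(), max_depth=2):
    """Return (valid, level) as seen from root.

    valid: keys whose identity root accepts.
    level: competence level root assigns to each trusted signer.
    revoked: signatures withdrawn by their own signer.
    max_depth: how many links from root competence may be delegated.
    """
    live = [s for s in sigs if s not in revoked]
    level, depth, valid = {root: META}, {root: 0}, {root}
    queue = deque([root])            # only keys with level >= INTRODUCER enter
    while queue:
        signer = queue.popleft()
        for s, subject, kind in live:
            if s != signer:
                continue
            # Every signature from a trusted signer vouches for identity.
            valid.add(subject)
            # Competence is passed on only by META signers near the root.
            can_delegate = level[signer] >= META and depth[signer] < max_depth
            if kind > IDENTITY and can_delegate and kind > level.get(subject, 0):
                level[subject] = kind
                depth[subject] = depth[signer] + 1
                queue.append(subject)
    return valid, level
```

Calling `evaluate("me", SIGS, revoked={("alice", "rogue", INTRODUCER)})` shows the effect of one signer withdrawing a competence signature: both the rogue signer's key and every key that depended only on it drop out of the valid set.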
On Wed, 8 May 1996, Steve Reid wrote:
When you sign a key, you are placing your reputation on the line, so you must be certain that the level of trust you're placing is appropriate. But what happens when someone goes rogue and ignores credentials, and signs keys of anyone who is willing to pay the price? You would regret signing the rogue person's key. So, IT SHOULD BE POSSIBLE TO REVOKE TRUST, in order to protect your own reputation.
PGP currently only allows a person to revoke their own key. Most people would revoke their key if it were stolen, to protect their own reputation. However, some people may be unwilling or unable to revoke their own key, and if you signed that key, your reputation may be affected. Clearly, it should be possible to remove your signature from someone's key.
But it is - it's a pain in the ass, but you can always revoke your own key and generate a new one, then sign everyone's keys whom you've signed as trusted, EXCEPT the one you wish to revoke.
What it all comes down to is reputation. Protect your reputation, and you could make a living on your reputation alone.
Ah, but first you have to build yourself a reputation before you can live off it alone. :) That includes doing cool things other than building reputations by signing keys.
==========================================================================
 + ^ + |  Ray Arachelian |FH|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@dorsai.org|UE|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| --------------- |CC|What part of 'Congress shall make no |=\/|\/=
  /|\  |    Just Say     |KD|law abridging the freedom of speech' |==\|/==
 + v + | "No" to the NSA!|TA|       do you not understand?        |=======
===================http://www.dorsai.org/~sunder/=========================
Obscenity laws are the crutches of inarticulate motherfuckers-Fuck the CDA
-----BEGIN PGP SIGNED MESSAGE-----
affected. Clearly, it should be possible to remove your signature from someone's key.
But it is - it's a pain in the ass, but you can always revoke your own key and generate a new one, then sign everyone's keys whom you've signed as trusted, EXCEPT the one you wish to revoke.
PITA, indeed... Not only do you have to re-sign everyone's keys, you also have to have your key re-signed. When simply changing keys (e.g. for a larger keysize) it's usually sufficient to sign your new key with your old one, but if you're revoking your old key, the signature won't really mean anything. I suppose you could sign a message with your old key, saying "I'm switching keys, here is my new key, please sign it.", and after you have some signatures on the new key, revoke the old key.
What it all comes down to is reputation. Protect your reputation, and you could make a living on your reputation alone.
Ah, but first you have to build yourself a reputation before you can live off it alone. :) That includes doing cool things other than building reputations by signing keys.
I agree, but in the context of key signing, your key signing reputation is all that really matters. I would accept a key signed by Bozo the Clown, if Bozo did the proper research into the keys he signs and has never signed a bogus key. Of course, being well-known for other reasons would help people to remember your name. :)
======================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)     |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/  |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E6 8C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, IANAL. --                      |
====================================================================:)