Re: Transitive trust and MLM
In article <+cmu.andrew.internet.cypherpunks+UlYwNe:00UfAM107VG@andrew.cmu.edu> EALLENSMITH@ocelot.Rutgers.EDU writes:
The different paths going through those different signatures will be correlated/non-independent, yes.... but that isn't the problem unless you're considering multiple paths (in a more complicated version).
To determine key validity, you do have to consider all paths. If a single trusted path to the bad key exists, the attacker wins.
IIRC, there have been some sociological studies showing that _everyone_ is linked through 6 or so people.
Milgram's "small world" experiments used a much looser sort of "link" than we want here. It would be certainly interesting to know how large a difference this makes.
Now, there's the question of whether you _need_ to be linked to everyone - [...] I see nothing wrong (and am in favor of) separation of the elite from the masses.
Gee, let me guess which group you're in... I'll go with "people I want to talk to" versus "people I don't want to talk to", thanks. It's true that you don't need to talk to everybody. The problem is that I might want to talk to people whom I don't know personally, but know by reputation, or by function ("DEA Rat Hotline" -- well, maybe not). -- . Eli Brandt usual disclaimers . . eli+@cs.cmu.edu PGP key on request . . violation of 18 U.S.C. 1462: "fuck".
On Mon, 13 May 1996 eli+@GS160.SP.CS.CMU.EDU wrote:
EALLENSMITH@ocelot.Rutgers.EDU writes:
Now, there's the question of whether you _need_ to be linked to everyone - [...] I see nothing wrong (and am in favor of) separation of the elite from the masses.
Gee, let me guess which group you're in... I'll go with "people I want to talk to" versus "people I don't want to talk to", thanks.
That sounds sincere coming from someone who calls himself "eli+" :-)
It's true that you don't need to talk to everybody. The problem is that I might want to talk to people whom I don't know personally, but know by reputation, or by function ("DEA Rat Hotline" -- well, maybe not).
Yes, that is a problem. That problem is one of the reasons that public key encryption was invented, actually. The way to know whether an untrusted key really belongs to someone is to wait for the response. Which means don't spill all the beans at once. -rich
That sounds sincere coming from someone who calls himself "eli+" :-)
Nah, that would be "eli++". Or better, "++eli". Actually, this keeps CMU's overly-clever mail system from delivering my mail to an "Edward Lawrence Immelmann" -- it prefers initials to login names.
It's true that you don't need to talk to everybody. The problem is that I might want to talk to people whom I don't know personally, but know by reputation, or by function ("DEA Rat Hotline" -- well, maybe not).
Yes, that is a problem. That problem is one of the reasons that public key encryption was invented, actually.
But PK doesn't make the key distribution problem go away. This thread has been about a particular approach to PK key distribution, the web of trust, and how to model its behavior.
The way to know whether an untrusted key really belongs to someone is to wait for the response. Which means don't spill all the beans at once.
Generally insufficient. If someone is going to go to the trouble of a key-substitution attack, they're going to take the time to compose a plausible response. This approach is useful if the intended recipient *is* well-known to you. -- Eli Brandt eli+@cs.cmu.edu
participants (3)
-
Eli Brandt -
eli+@GS160.SP.CS.CMU.EDU -
Rich Graves