the problem that destroyed PGP

Perry E. Metzger perry at
Sun Feb 12 10:03:08 PST 1995

"W. Kinney" says:
> This isn't a criticism of PGP's key certification paradigm -- PGP allows
> centralized certification (I see a few keys signed by SLED, for instance),
> and it also allows me the flexibility of having mutual certification within
> the circle of people I mail regularly. But web of trust _in and of itself_
> is not proving to be effective when applied to the problem of providing
> reliable key certification on the scale of the internet as a whole. 

I think the jury is still out on that. Web-of-trust is still really
untested because of the difficulties in widespread deployment of
PGP. As it stands, PGP is still a hacker's toy -- the lack of a
library or an easy-to-use global key distribution infrastructure means
that we have yet to see what can be done. I think that mutually
authenticating organizations with small trust pyramids within the
organizations, but without a global key pyramid, may come to prove
very practical.


