December 17, 2005

OpenPGP supports any Trust Model that you desire!

[editorial note - this is a guest post by Ed Gerck]

James A. Donald wrote:
> From: Werner Koch
>> You need to clarify the trust model.  The OpenPGP
>> standard does not define any trust model at all.  The
>> standard merely defines features useful to implement a
>> trust model.
> "Clarifying the trust model" sounds suspiciously like
> designers telling customers to conform to designer
> procedures.  This has not had much success in the past.
> People using PGP in practice verify keys out of band,
> not through web of trust.


Yes. Your observation on out-of-band PGP key verification is very important and actually exemplifies what Werner wrote. Precisely because no trust model is defined a priori, users can choose the model they want, including one-on-one trust.

This is important because it eliminates the need for a common root of trust -- with a significant usability improvement.

If the web of trust is used, the sender and recipient must a priori trust each other's key signers, requiring a common root of trust -- that may not even exist to begin with.

So, instead of worrying about what trust model PGP uses, the answer is that you can use any trust model you want -- including a hierarchical trust model as used with X.509.
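To make the point concrete, here is an added example (not code from Ed Gerck's post, nor from any OpenPGP implementation): one constructed set of key certifications judged under a one-on-one model, a simplified GnuPG-style web of trust, and an X.509-style hierarchy. The key names, the signatures, the "verified" and "introducer" sets and the threshold of two signatures are all assumptions made for the illustration.

```python
# Added example (not from the original post): constructed OpenPGP-style
# certifications, signer -> keys signed, evaluated under three trust models.
CERTS = {
    "root":  {"alice", "bob"},
    "alice": {"bob", "carol", "dave"},
    "bob":   {"carol", "dave"},
    "carol": {"erin"},
    "dave":  {"erin"},
}

def all_keys(certs):
    keys = set(certs)
    for signed in certs.values():
        keys |= signed
    return keys

def direct_trust(certs, verified):
    """One-on-one: valid only if the fingerprint was checked out of band."""
    return set(verified) & all_keys(certs)

def web_of_trust(certs, verified, introducers, needed=2):
    """Simplified GnuPG-style web of trust: a key becomes valid once `needed`
    signatures come from keys that are both valid and trusted as introducers
    (validity and introducer trust are separate, like GnuPG ownertrust)."""
    valid = set(verified)
    while True:
        newly = set()
        for key in all_keys(certs) - valid:
            votes = sum(1 for s, signed in certs.items()
                        if key in signed and s in valid and s in introducers)
            if votes >= needed:
                newly.add(key)
        if not newly:
            return valid
        valid |= newly

def hierarchical(certs, root):
    """X.509-style: a single root everyone must share; a key is valid iff a
    chain of signatures leads from the root to it."""
    valid, frontier = {root}, [root]
    while frontier:
        for child in certs.get(frontier.pop(), ()):
            if child not in valid:
                valid.add(child)
                frontier.append(child)
    return valid
```

With alice and bob verified out of band and alice, bob and carol trusted as introducers, direct trust validates only alice and bob; the web of trust adds carol and dave but not erin (dave is valid yet not an introducer, so erin has only one qualifying signature); the hierarchical model validates everything reachable from root, erin included, without the user having checked anything.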

Jon Callas and I had several conversations on trust in May '97, when Jon visited me for two weeks while I was in Brazil, I think before the OpenPGP WG was even working on these issues. This is one of the comments Jon wrote in a listserv then, with a great insight that might be useful today:

As I understand it, then, I've been thinking about some of the wrong issues. For example, I have been wondering about how exactly the trust model works, and what trust model can possibly do all the things Dr Gerck is claiming. I think my confusion comes from my asking the wrong question. The real answer seems to be, 'what trust model would you like?' There is a built-in notion (the 'archetypical model' in the abstract class) of the meta-rules that a trust model has to follow, but I might buy a trust model from someone and add that, design my own, or even augment one I bought. Thus, I can ask for a fingerprint and check it against the FBI, Scotland Yard, and Sûreté databases, check their PGP key to make sure that it was signed by Mother Teresa, ask for a letter of recommendation from either the Pope or the Dalai Lama (except during Ramadan, when only approval by the Taliban will do), and then reject them out of hand if I haven't had my second cup of coffee.

Ed Gerck

Posted by iang at December 17, 2005 12:18 PM

Which makes me wonder why OpenPGP-based HTTP security failed to gain traction. AFAIR, implementations were ready before https in the form of NCSA httpd patches and/or the early versions of Apache (I can't remember which one). NCSA Mosaic had patches to communicate with it, too (it used PGP as a back-end).

Does anyone here know why the folks at Netscape developed SSL based on X.509 instead of building on the already battle-hardened PGP?

Posted by: Daniel A. Nagy at December 18, 2005 02:55 PM