[linux-elitists] SSL security certificates

Aaron T Porter atporter@primate.net
Thu Apr 10 18:58:44 PDT 2003


On Thu, Apr 10, 2003 at 05:55:18PM -0700, billy@damaged-world.net wrote:
> Encryption and identity assertions are really only needed when talking to
> strangers or over untrusted networks. (modulo storage, a seperate
> discussion).

	The internet is an untrusted network, in many countries down right
hostile some times.

> If I know you, PGP is fine. However, if I know your brothers friends dope
> dealer, there is absolutely 0 assurance you are who you say you are. 

	Right, the premise is that within $n levels (probably where you
have $n <= 3) of my key, you'll find signatures that you can give a very
high trust rating. Probably more like $n < 2.

> *YOU* may be willing to deligate your trust, but there is absolutely no
> reason for *me* to trust your trust, much less the deligation of that trust. 

	But I'm not asking you to blindly trust me. The goal is to find
people you trust (both in their identity and in their judgement) who will
seperately vouch for both my identity and my good intentions.



More information about the linux-elitists mailing list