Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If you don't trust that individual to vouch for others then they are treated differently in your web of trust: set their trust level to "none".

If you refuse to place trust in anyone, then no, the web of trust will not work for you. But it works for many others; it doesn't make it broken. The purpose of key signing is to verify that a person is legitimately who they claim to be---_that_ is what you are trusting in your web of trust: that someone has verified their identity in a means consistent with accepted protocols.

If enough people say "this person is who they say they are" by signing that person's they, then you decrease the odds that the person is a fraud.



> If you don't trust that individual to vouch for others then they are treated differently in your web of trust: set their trust level to "none".

Whom in the world do you actually trust to vouch for everyone else in the world? For me, at least, the answer is 'no-one,' — which is why neither XPKI nor the Web of Trust work for me.

> But it works for many others; it doesn't make it broken.

I suspect that no-one (older than, say, four years old) trusts any other human being or organisation to vouch for every other human being and organisation, and thus that the WoT is in fact broken for everyone — but that most folks just try to ignore that.


I have confidence in certain people that they will follow a given protocol to the best of their ability. They're not vouching for someone: they're indicating the successful completion of a keysigning protocol.

But again: you don't have to trust a single person. As more people sign Alice's key, it's increasingly unlikely that Alice fooled every one of those people.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: