On Tue, 25 Mar 2003, Matt Crawford wrote:
>Has anyone ever weighted a PGP key's certification value as a >function of how many keys it's know to have certified? An interesting idea: At one extreme you could view the whole universe as having a finite amount of trust and every certification is a transfer of some trust from one person to another. But then companies like verisign, after the first thousand or so certs, would have nothing left to sell. At the other, you could view verisign as providing a fairly reliable indication, not necessarily of who X is, but certainly of the fact that somebody was willing to spend thousands of dollars to claim to be X and the financial records are on file if you absolutely need to figure out who that was, so they "create" trust in a way that most keysigners don't. Neither model is perfect, but the latter one seems to have more appeal to people in protecting financial transactions and the former to people who are more concerned about personal privacy. Bear --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]