On 18/10/01 10:05 -0700, Chris Wilkes wrote: <snip> > Anyone use GNUPG? It uses a "web of trust" that fellow humans certify you > are who you are. IE if Alice says that Bob is who is is and you trust > Alice then you trust that the mail signed by Bob is really from Bob. gnupg is a Free implementation of pgp. The web of trust model is central to pgp.
> This approach is radically different from the PGP way pushed by Network > Associates where there is a root authority stamping everyone's > certificate. This is almost a perfect example of how the GNU way is You are confusing pgp with PKI+S/MIME (look at the implementation fo current https for an example). > better: the potential collapse of the root person might cause the downfall > of the system. See also where Verisign signed a fake certificate for > someone they thought worked for Microsoft. Yeah, I don't have verisign certificates in my browsers any longer, because I don't trust them. In Applied Cryptography terms, Trent is no longer a trusted third party. Devdas Bhagat
