> If transitive trust could be made to work, then government security
> clearances would be easy. If it could work, we would have more than 3
> credit reporting agencies, and we would not have so much machinery to
> deal with their errors. If transitive trust cannot be made to work for
> those cases where there are major penalties for cheating, how can you
> expect to make it work for mail, which no one values at more than
> $30/year/seat?

that's not an unreasonable question. and yet, the meatspace world copes. the thing cybertrust hasn't done is to take advantage of existing meatspace relationships. probably there's no way i'll ever have reason to trust you but i'll bet my bank has ways of trusting your bank. (or your school or my insurance company or whatever.)

if you think in terms of pgp then trust can't scale. if you think in terms of the meatspace world and its millennia of traditions and mechanisms, trust clearly can scale.

if your bond is only $30/year then i probably wouldn't trust you no matter what my bank told me about your insurance company or what your insurance company said about you. remember, i don't want to know who you are, i only want to know who you know. if the world has no hooks into you then i would withhold my consent. presumably there are others who would only give consent if your religion was the same as theirs or if your identity was known -- but that all fits under the "all communications by mutual consent" banner.

> You might say that you don't want fully transitive trust but only
> to trust the people who know people you know. If you want that
> kind of mail system that does not carry message between strangers,
> you've already got it with any of the many kinds of whitelisting.

no, i want it to be as big as meatspace.

> These problems with trust have nothing to do with the network protocols
> involved. They are fundamentally non-technical. Talking about replacing
> SMTP to implement transitive trust is at best a distraction.

unfortunately you're right about that last part. smtp's major problem is its unpleasant distinction between the transport and mailbox, and it *will* get replaced with something that can carry trust indicators and deal with multilevel agency. but the real and larger work is the meatspace-sized trust web, without which smtp is probably as good as e-messaging can ever get.

--
Paul Vixie