>>>>> "Dave" == Dave Crocker <dhc@xxxxxxxxxxxx> writes:

I have no idea how we got from security for ietf.org services to this.
I hope we're not going to pilot Phil's e-mail trust model in the IETF,
even though I think his work has significant value.

    Dave> The interesting premise in the suggestion is that a web of
    Dave> trust key management model is useful at Internet scale.

    Dave> I don't understand why anyone believes that.

I'm not sure that's actually an implied premise.

I guess bulk mailers do need to communicate with people at Internet
scale. The rest of us not so much though. Yes, I can communicate with
anyone on the Internet. However, the set of people that I communicate
with is smaller than that. The set of people for whom I need trusted
communication is even smaller.

From my experience in the open-source and product-security communities
(some of the larger web of trust users), web-of-trust tends to work
well when people are communicating with a small enough set of people
that they can make individual authorization decisions but where that
set is drawn from a large enough infrastructure that shared key
management is valuable.

We're seeing something similar as we're putting together the Moonshot
deployment of ABFAB federation. There's value in some environments in
having a large trust infrastructure from which I actually trust only
some principals. I think that the same is likely true for some uses of
secure e-mail.