PGP - A net of betrayal?

M J D Brown mjdb at dorevale.demon.co.uk
Mon, 15 Oct 2001 17:10:16 +0100 (BST)


In a different thread, Changes at NAI, Arturo Quirantes wondered whether
Phil Zimmermann would like to re-buy PGP and perhaps accept shareholders.

The thought prompts the question, in the new circumstances of the RIPA
being an accomplished fact, whether UK users would be better advised to
seek an alternative method of protecting their private and confidential
messages.

The problem, as I see it, centres on the 'web of trust' concept that
is inseparable from PGP, at least so far as unsophisticated users
are concerned.

LEAs apparently place considerable importance on the tracing of all
connections between suspects and their associates, expanding the web
of linkages in increasing circles looking for cross-linkages.  In the
course of such investigations all associates must inevitably come
under some degree of suspicion.  The PGP 'web of trust' would surely
increase the grounds for suspicion if examination of a suspect's or
associate's keyring revealed public keys accorded a high degree of
endorsement by the keyring owner.  The fact that the presence of
particular public keys might arise through some innocent linkage via
an entirely unassociated third or even more indirect party would be a
circumstance that it could be left to the unfortunate 'victim' to
explain to the LEA's satisfaction; another instance of having to
prove a negative.  It might not be too extravagant to suggest that
the 'web of trust' might be better described as a 'net of betrayal'.

It seems to me that caution suggests the use of a privacy protection
method that powerfully encourages the use of private keys unique to
each pair of correspondents.

Regards,
Mike.
-- 
M J D Brown: 2 Carters Close, Bretton, Peterborough PE3 9AW, England
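The linkage argument above can be made concrete. The following is an added example, not part of the original post: it takes a small constructed list of endorsement signatures (the tab-separated format and the KEY_* identifiers are placeholders, not real gpg output or real key ids), treats each signature as a link between two key holders, and walks outward from one key in the "increasing circles" the post describes. It also shows the other half of the argument: with pairwise keys that carry no third-party endorsements, the link graph is empty and the walk reaches nobody.

```python
from collections import defaultdict, deque

# Constructed sample keyring listing, one endorsement signature per line:
# "signer<TAB>signed key<TAB>signature level". The format and the key
# names are hypothetical placeholders, not real gpg output or real key ids.
SAMPLE_SIGS = """\
KEY_SUSPECT\tKEY_A\tfull
KEY_A\tKEY_SUSPECT\tfull
KEY_A\tKEY_B\tfull
KEY_B\tKEY_A\tfull
KEY_B\tKEY_C\tmarginal
KEY_C\tKEY_D\tfull
KEY_E\tKEY_F\tfull
"""


def parse_sigs(text):
    """Parse the constructed listing into (signer, signed, level) tuples."""
    edges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        signer, signed, level = line.split("\t")
        edges.append((signer, signed, level))
    return edges


def build_graph(edges, only_full=False):
    """Undirected adjacency map: a signature in either direction links the
    two key holders. With only_full=True, only 'full' endorsements count,
    mirroring the post's point about keys with a high degree of endorsement."""
    graph = defaultdict(set)
    for signer, signed, level in edges:
        if only_full and level != "full":
            continue
        graph[signer].add(signed)
        graph[signed].add(signer)
    return graph


def circles(graph, start):
    """Breadth-first walk from `start`; returns {key: hops}. Each hop is one
    further 'circle' of associates that an investigation would expand into."""
    dist = {start: 0}
    queue = deque([start])
    while queue:
        key = queue.popleft()
        for neighbour in graph.get(key, ()):
            if neighbour not in dist:
                dist[neighbour] = dist[key] + 1
                queue.append(neighbour)
    return dist


def pairwise_keys_circles(start):
    """The post's alternative: each pair of correspondents holds its own key
    and nobody endorses anyone else's, so the endorsement graph has no edges
    and the walk from any key reaches only that key."""
    return circles(build_graph([]), start)


if __name__ == "__main__":
    edges = parse_sigs(SAMPLE_SIGS)
    print("all signatures:", circles(build_graph(edges), "KEY_SUSPECT"))
    print("full only:     ", circles(build_graph(edges, only_full=True), "KEY_SUSPECT"))
    print("pairwise keys: ", pairwise_keys_circles("KEY_SUSPECT"))
```

Run as a script it prints the hop distance of every key linked to KEY_SUSPECT through signatures, first counting any endorsement, then only full ones; KEY_E and KEY_F never appear because nothing on the keyring links them to the starting key, and the pairwise case returns only the starting key itself.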