Re: [tlug] cacert question

["Stephen J. Turnbull" <stephen@example.com>]

Raymond Wan writes:

 > Yes, that's true.  I suppose the average consumer clicks 
 > "Agree" without actually reading it and perhaps is not fully 
 > aware of the EULA.

The average consumer doesn't care and shouldn't need to, IMO.  But
that's a different thread.

 > Well, I'm not trying to defend Microsoft [really, I am a 
 > Linux user and not a spy :-) ], but many Microsoft-haters 
 > aren't aware of the work that comes out of Microsoft 
 > Research.

That isn't a problem on this list, since about half of us are Simon
Peyton-Jones fans. :-)

 > Hmmm, that's true about personally meeting.  But if we have 
 > a chain of people meeting each other:
 > 
 > A --> B --> C --> D --> E
 > 
 > then A and E are in the same "web of trust", despite them 
 > never having met each other.  And if C was somehow slack, 
 > then the web is only as good as the weakest link.

Not true.  First, web of trust membership is not off-on, it's
quantitative (although perhaps not precise).

Second, it's additive: in

A --> B --> C
|           |
V           V
D --------> E

A may trust E more than C (depending on how she feels about B and D).

The idea in webs of trust is that many non-overlapping paths give a
pretty strong degree of trust.