<a href="069">069</a>    [ 070 ]    <a href="071">071</a>to me. Now, the easiest way to fix this is to really widely advertise your public key. If it's *really* easy for anyone to know what your real key is, man-in-the-middle gets harder and harder. But you know what? Making things well-known is just as hard as keeping them secret. Think about it -- how many billions of dollars are spent on shampoo ads and other crap, just to make sure that as many people know about something that some advertiser wants them to know? There's a cheaper way of fixing man-in-the-middle: the web of trust. Say that before you leave HQ, you and your bosses sit down over coffee and actually tell each other your keys. No more
man-in-the-middle! You're absolutely certain whose keys you have, because they were put into your own hands. So far, so good. But there's a natural limit to this: how many people can you physically meet with and swap keys? How many hours in the day do you want to devote to the equivalent of writing your own phone book? How many of those people are willing to devote that kind of time to you? Thinking about this like a phonebook helps. The world was once a place with a lot of phonebooks, and when you needed a number, you could look it up in the book. But for many of the numbers that you wanted to refer to on a given day, you would either know it by heart, or you'd be able to ask someone else. Even today, when I'm out with my cell-phone, I'll ask Jolu or Darryl if they have a number I'm looking for. It's faster and easier than looking it up online and they're more reliable, too. If Jolu has a number, I trust him, so I trust the number, too. That's called "transitive trust" -- trust that moves across the web of our relationships. A web of trust is a bigger version of this. Say I meet Jolu and get his key. I can put it on my "keyring" -- a list of keys that I've signed with my private key. That means you can unlock it with my public key and know for sure that me -- or someone with my key, anyway -- says that "this key belongs to this guy." So I hand you my keyring and provided that you trust me to have actually met and verified all the keys on it, you can take it and add it to your keyring. Now, you meet someone else and you hand the whole ring to him. Bigger and bigger the ring grows, and provided that you trust the next guy in the chain, and he trusts the next guy in his chain and so on, you're pretty secure. Which brings me to keysigning parties. These are *exactly* what they sound like: a party where everyone gets together and signs everyone else's keys. Darryl and I, when we traded keys, that was kind of a mini-keysigning party, one with only two sad and geeky attendees. But with more people, you create the seed of the web of trust, and the web can expand from there. As everyone on your keyring goes out into the world and meets more people, they can add more and more names to the ring. You don't have to meet the new people, just trust that the signed key you get from the people in your web is valid. So that's why web of trust and parties go together like peanut butter and chocolate. # "Just tell them it's a super-private party, invitational only," I said. "Tell them not to bring anyone along or they won't be admitted." Jolu looked at me over his coffee. "You're joking, right? You tell people that, and they'll bring *extra* friends." "Argh," I said. I spent a night a week at Jolu's these days, keeping the code up to date on indienet. Pigspleen actually paid me a non-zero sum of money to do this, which was really weird. I never thought I'd be paid to write code. "So what do we do? We only want people we really trust there, and we don't want to mention why until we've got everyone's keys and can send them messages in secret." Jolu debugged and I watched over his shoulder. This used to be called "extreme programming," which was a little embarrassing. Now we just call it "programming." Two
people
<a href="069">069</a>    [ 070 ]    <a href="071">071</a>