In that context, pessimism may be more reasonable.
That is: If for whatever reason you are engaged in activities that really require anything like PGP’s web of trust, then that probably means that you’re in more danger than the rest of us of being the subject of deliberate somewhat-credible deception about people’s identities. So maybe of the people who give you business cards only 55% really are who they say they are. That’s still a long way from my experience :-).
[EDITED to add …] Oh, and more to the point, if you’re building software that tries to make this kind of decision and it’s based on probabilities appropriate for “ordinary” situations, it will probably go badly wrong in situations of deliberate attack. So it may be necessary to adopt more pessimistic numbers.
In that context, pessimism may be more reasonable.
That is: If for whatever reason you are engaged in activities that really require anything like PGP’s web of trust, then that probably means that you’re in more danger than the rest of us of being the subject of deliberate somewhat-credible deception about people’s identities. So maybe of the people who give you business cards only 55% really are who they say they are. That’s still a long way from my experience :-).
[EDITED to add …] Oh, and more to the point, if you’re building software that tries to make this kind of decision and it’s based on probabilities appropriate for “ordinary” situations, it will probably go badly wrong in situations of deliberate attack. So it may be necessary to adopt more pessimistic numbers.