[196] in WWW Security List Archive
Re: what are realistic threats?
daemon@ATHENA.MIT.EDU (Tim Berners-Lee)
Fri Oct 7 01:04:52 1994
Date: Thu, 6 Oct 94 17:46:35 -0400
From: Tim Berners-Lee <timbl@quag.lcs.mit.edu>
To: dkearns{TCNET/HR/dkearns}@klaven.tci.com
Cc: szabo@netcom.com, www-security@ns1.rutgers.edu
Reply-To: Tim Berners-Lee <timbl@quag.lcs.mit.edu>
> >It's quite possible to issue certficates without any sort
> >of heirarchy: an example is the widely used public-key
cryptography
> >system, PGP. And here's another place we need to be more
> >precise: does "heirarchy" do we mean a single-rooted tree, a
directed
> >acyclic graph, a cyclic graph, or what?
It is surely a web -- a directed graph. (Not acyclic).
The requirement is that a path of trust can be established.
For example, I might say that I trust anyone certified by the
US govermment to 2 levels of indirection, or by my friend
Joe to 3 levels, or by any of the people at the PGP signing
party at the last IETF, to 2 levels. There is a web of
trust. The people I personally trust form a directed tree
rooted at me, a subset of the web of trust.
There is no reason why contracts can't be involved -- for
example, a credit card company may provide a certificate
service for its clients and a limited guarantee that the
person is who they say they are. The terms of that guarantee
might influence whether some other body certifies them in turn --
and that is how the web of trust is built. Whether I prefer to
follow freind's recommendations or Government approved
agencies is up to me: I have choice.
(A rare comment from someone who doesn't normally have time
to follow the list --sorry--)
Tim
