The point of web-of-trust models is not to identify anyone reliably, but to make obtaining false identities harder. I.e. every signatory risks their reputation by signing someone else's certificate, and it is easy to mark that signatory as untrustworthy, thus effectively invalidating or reducing the trustworthiness of all parties having that signatory in the trust chain.

This can be defeated by creating chains of sham identities; but somewhat more advanced graph analysis (i.e. identifying "gateway" links to the subgraph where a cluster of untrustworthy behaviour is detected) can deal with that too. Such analysis can be performed proactively, on a distributed collection of host computers checking links at random.

However, web of trust per se is not sufficient; what the Internet needs is some way to assemble irrevocable "reputation" files for assumed and real identities. The problem of false reports on the files can be addressed by checking the trustworthiness of report submitters before factoring their reports into final scores. The practical irrevocability can be achieved using techniques similar to Publius. (Finding all individual reports for the identity is an interesting problem, though :) Protection of the system from floods of bogus reports is going to be interesting, too.

Obviously, a system like that could be very useful in business transactions, too.

--vadim

On Thu, 22 Aug 2002, Steven M. Bellovin wrote:
In message <20020822142836.A92148@mail.webmonster.de>, "Karsten W. Rohrbach" writes:
I am not an expert in this field, but I think that a generic standard for this kind of trust model is long overdue, the only application nowadays out there in the wild using it being PGP's model of the web of trust.
I doubt that it would work well -- one "mole" would suffice for many large penetrations.
--Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com ("Firewalls" book)
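The graph analysis vadim sketches above (a flagged signer invalidating every identity whose chain runs through it, a cluster of sham identities, and the "gateway" links that attach that cluster to the rest of the web) is easy to make concrete. The following is an added example written for this archive page, not code from vadim, Bellovin or any PGP implementation; the identity names, the signature edges and the choice of a single trust root are constructed for illustration, and "gateway" is taken to mean a signature whose signer is outside the suspect cluster and whose signee is inside it.

```python
"""Toy web-of-trust graph analysis (added example, not from the thread).

Nodes are identities (keys); a pair (signer, signee) means `signer` signed
`signee`'s certificate. Trust is anchored at a set of roots; an identity
counts as trusted when some chain of signatures from a root reaches it
without passing through a flagged signer. All names and edges below are
constructed sample data.
"""
from collections import deque


def trusted_identities(signatures, roots, flagged=frozenset()):
    """Identities reachable from `roots` over chains of unflagged signers.

    Flagging one signer removes it and every identity whose only chains of
    signatures run through it; identities with an independent chain survive.
    """
    signed_by = {}  # signer -> [signees]
    for signer, signee in signatures:
        signed_by.setdefault(signer, []).append(signee)
    trusted = {r for r in roots if r not in flagged}
    queue = deque(trusted)
    while queue:
        node = queue.popleft()
        for signee in signed_by.get(node, ()):
            if signee not in trusted and signee not in flagged:
                trusted.add(signee)
                queue.append(signee)
    return trusted


def expand_sham_cluster(signatures, seeds):
    """Grow a suspected cluster of sham identities from the ones already caught.

    Repeatedly add any identity all of whose signatures come from inside the
    cluster: nothing independent vouches for it, so its only backing is the
    cluster itself. Identities with no signers at all (roots) are never added.
    """
    signers_of = {}  # signee -> {signers}
    for signer, signee in signatures:
        signers_of.setdefault(signee, set()).add(signer)
    cluster = set(seeds)
    changed = True
    while changed:
        changed = False
        for signee, signers in signers_of.items():
            if signee not in cluster and signers and signers <= cluster:
                cluster.add(signee)
                changed = True
    return cluster


def gateway_links(signatures, cluster):
    """Signatures crossing from outside `cluster` into it.

    These are the links that attached the cluster to the honest part of the
    web of trust; the signer on the outside end of each is the one whose
    reputation the cluster was bought with, and the next candidate to flag.
    """
    cluster = set(cluster)
    return sorted((s, t) for s, t in signatures if s not in cluster and t in cluster)


# Constructed sample web of trust: alice is the root; mole is a signer with an
# honest-looking position who vouched for a chain of sham identities.
SIGNATURES = [
    ("alice", "bob"), ("alice", "carol"),
    ("bob", "dave"), ("carol", "dave"), ("carol", "eve"), ("dave", "frank"),
    ("bob", "mole"),
    ("mole", "sham1"), ("mole", "sham2"),
    ("sham1", "sham2"), ("sham1", "sham3"), ("sham2", "sham3"),
]
ROOTS = {"alice"}


def analyse(signatures=SIGNATURES, roots=ROOTS, seeds=("sham1", "sham2")):
    """Expand the cluster, find its gateways, flag the gateway signers."""
    cluster = expand_sham_cluster(signatures, seeds)
    gateways = gateway_links(signatures, cluster)
    gateway_signers = {s for s, _ in gateways}
    return {
        "before": trusted_identities(signatures, roots),
        "cluster": cluster,
        "gateways": gateways,
        "after": trusted_identities(signatures, roots, flagged=gateway_signers),
    }


if __name__ == "__main__":
    result = analyse()
    for key in ("before", "cluster", "gateways", "after"):
        print(f"{key}: {sorted(result[key])}")
```

Running it shows the two effects vadim describes: once sham1 and sham2 are caught, sham3 joins the cluster because only cluster members signed it; the gateway links are mole's two signatures, so flagging mole drops all three sham identities while dave, who has an independent chain through carol, stays trusted. Note that the cluster expansion only finds identities vouched for exclusively from inside the cluster; a sham identity that has also collected one honest signature has to be caught by behaviour, which is exactly the reputation-file problem the message goes on to raise.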