In message <17283.33635.774719.679@roam.psg.com>, Randy Bush writes:
I believe a web of trust can be operationally feasible only if the web is more like a forest - if there are several well known examples of "tops" to the web. Otherwise, you have to be storing a plethora of different signers' certificates to be able to validate all the institution's certificates that come in.
you need those certs to verify the live data anyway
Right. The real issue is the trust determination -- how do you know that the certificate corresponds to something resembling reality (whatever that is)?
for how many years have i been asking you and your evil-minded cert designing friends for a pgp-like web of trust cert that could be used for just this application?
Actually, I don't do certs; it's my evil-minded friends... That said, I think the problem is that we need an algebra of trust that will let a program, not a human, decide whether or not to trust a certficate. You don't want to accept something if it's a twisty loop of subsidiaries or allied evil ASs vouching for each other. OTOH, there are some situations where we know that absolute trust is indicated -- say, 701 signing 702's certificate, or an upstream signing the address certificate for a customer. And it's not just honesty, it's competence you're assessing -- we've all seen problems when major ISPs didn't get their filters straight. Furthermore, given that a trust algebra may yield a trust value, rather than a simple 0/1, is it reasonable to use that assessment as a BGP preference selector? That would tie the security very deeply -- too deeply? -- into BGP's guts. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb