22 Nov
2005
22 Nov
'05
3:45 p.m.
I believe a web of trust can be operationally feasible only if the web is more like a forest - if there are several well known examples of "tops" to the web. Otherwise, you have to be storing a plethora of different signers' certificates to be able to validate all the institution's certificates that come in.
you need those certs to verify the live data anyway
Right. The real issue is the trust determination -- how do you know that the certificate corresponds to something resembling reality (whatever that is)?
for how many years have i been asking you and your evil-minded cert designing friends for a pgp-like web of trust cert that could be used for just this application? randy