Re: what are realistic threats?

• To: dkearns{TCNET/HR/dkearns}@klaven.tci.com
• Subject: Re: what are realistic threats?
• From: Tim Berners-Lee <timbl@quag.lcs.mit.edu>
• Date: Thu, 6 Oct 94 17:46:35 -0400
• Cc: szabo@netcom.com, www-security@ns1.rutgers.edu
• Reply-To: Tim Berners-Lee <timbl@quag.lcs.mit.edu>

> >It's quite possible to issue certficates without any sort
> >of heirarchy: an example is the widely used public-key  
cryptography
> >system, PGP.  And here's another place we need to be more
> >precise: does "heirarchy" do we mean a single-rooted tree, a  
directed
> >acyclic graph, a cyclic graph, or what? 



It is surely a web -- a directed graph.  (Not acyclic).

The requirement is that a path of trust can be established.
For example, I might say that I trust anyone certified by the
US govermment to 2 levels of indirection, or by my friend
Joe to 3 levels, or by any of the people at the PGP signing
party at the last IETF, to 2 levels.  There is a web of
trust.  The people I personally trust form a directed tree
rooted at me, a subset of the web of trust.

There is no reason why contracts can't be involved -- for
example, a credit card company may provide a certificate
service for its clients and a limited guarantee that the
person is who they say they are.  The terms of that guarantee
might influence whether some other body certifies them in turn --
and that is how the web of trust is built. Whether I prefer to
follow freind's recommendations or Government approved
agencies is up to me: I have choice.

(A rare comment from someone who doesn't normally have time
to follow the list --sorry--)

Tim

• Re: what are realistic threats?
• From: hallam@dxal18.cern.ch

• Previous: what are realistic threats?
• Next: What is "certificate"? (was: what are realistic threats?)
• Index(es):
  • Index
  • Thread