Re: Netscape Changes RSA tree

• To: owner-www-security@ns2.rutgers.edu
• Subject: Re: Netscape Changes RSA tree
• From: Paul Leach <paulle@microsoft.com>
• Date: Wed, 26 Apr 95 10:04:32 TZ
• Cc: rens@imsi.com, wcs@anchor.ho.att.com, www-security@ns2.rutgers.edu

----------
| From: Marc Horowitz  <marc@mit.edu>
| To: Paul Leach
| Cc:  <www-security@ns2.rutgers.edu>;  <rens@imsi.com>;  
<wcs@anchor.ho.att.com>
| Subject: Re: Netscape Changes RSA tree
| Date: Wednesday, April 26, 1995 12:56AM
|
| I'm not convinced.  In graph theoretical terms, the web of trust is an
| arbitrary digraph.  A heirarchy is a tree.  What is your system?
|
| (Of course, I'm a computer engineer, not a mathematician, so if I got
| these terms wrong, someone please correct me.)

A tree is a always web; a web is not always a tree.

Specifically, I was talking about webs of trees -- i.e., there are many 
trees, each with its own root, with trust links between the trees.  In 
the degenerate case of one node per tree, it's exactly a web.  In that 
case, the owner of that node has to personally decide exactly who they 
trust, and how much.  If a node is part of a tree, they can delegate 
that responsibility to someone else they trust.

The "treeness" of many subgraphs in the web will make trust management 
easier; the "webness" will allow freedom of entry, with the deciding 
criteria the tradeoff between getting the extra trust links established 
and the trustworthiness (for whatever your purposes are) of existing 
hierarchies.

Anyway, that's how we are planning to implement it, which was the 
original question that sparked my original posting.

• Previous: Re: Re- Hierarchies and Webs of
• Next: Re- Hierarchies and Webs of [trust]
• Index(es):
  • Index
  • Thread