In message <[EMAIL PROTECTED]>, Randy Bush writes:
>
>> I believe a web of trust can be operationally feasible only if the web
>> is more like a forest - if there are several well known examples of
>> "tops" to the web. Otherwise, you have to be storing a plethora of
>> different signers' certificates to be able to validate all the
>> institution's certificates that come in.
>
>you need those certs to verify the live data anyway
>

Right. The real issue is the trust determination -- how do you know that
the certificate corresponds to something resembling reality (whatever that is)?

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb