Re: Why did the PGP Web of Trust fail?

On 2018-06-21 01:09, David Chadwick wrote:
> Interestingly the latest version of X.509 has introduced the 4 cornered
> trust model, with RPs trusting Trust Brokers who validate the numerous
> root CAs on their behalf.

Thanx! that's news to me.

I'm personally trying to create a more "Internet-ish" version of the 4 cornered model
https://cyberphone.github.io/doc/defensive-publications/authority-objects.pdf
but it may be limited to payments.

Anders

> 
> David
> 
> On 20/06/2018 21:02, Anders Rundgren wrote:
>> The to date only provably scalable trust scheme I'm aware of is the
>> "four corner model" used by banks.
>>
>> That is, clients trust their respectively banks which in turn trust each
>> other.
>>
>> A down-side of that model is that it is hard to combine with end-2-end
>> security.
>>
>> Anders
>>
>> On 2018-06-20 21:11, Henry Story wrote:
>>> Hi all,
>>>
>>>      I wrote a blog post entitled perhaps a little teasingly
>>> with the title of this thread. This followed a longer
>>> entry on Digital Sovereignty I wrote, where I get into
>>> the concept of an institutional Web of Trust. This lead
>>> Prof Bryan Ford in the distributed/decentralised systems
>>> group at EPFL in Lausanne to ask why that Web of Trust would
>>> be more successful and avoid the problems of the PGP one.
>>>
>>> So I had to look into what the exact problems with the PGP
>>> web of trust was. But as certain obvious limitations were
>>> clear from  reading the PGP spec and as I thought it would
>>> be unjust to tie them to such accidental errors I imagined
>>> what would happen if they evolved to using the W3C Verifiable
>>> Claims  standards.
>>>
>>> https://medium.com/@bblfish/what-are-the-failings-of-pgp-web-of-trust-958e1f62e5b7
>>>
>>>
>>> Please let me know if I have misunderstood something.
>>> I am covering quite a lot of ground here.
>>>
>>> Feedback very much welcome :-)
>>>
>>> Henry Story
>>> http://co-operating.systems/
>>>
>>
>>
>>
>

Received on Thursday, 21 June 2018 06:49:50 UTC