- From: David Chadwick <D.W.Chadwick@kent.ac.uk>
- Date: Thu, 21 Jun 2018 00:09:48 +0100
- To: public-credentials@w3.org
Interestingly the latest version of X.509 has introduced the 4 cornered trust model, with RPs trusting Trust Brokers who validate the numerous root CAs on their behalf. David On 20/06/2018 21:02, Anders Rundgren wrote: > The to date only provably scalable trust scheme I'm aware of is the > "four corner model" used by banks. > > That is, clients trust their respectively banks which in turn trust each > other. > > A down-side of that model is that it is hard to combine with end-2-end > security. > > Anders > > On 2018-06-20 21:11, Henry Story wrote: >> Hi all, >> >> I wrote a blog post entitled perhaps a little teasingly >> with the title of this thread. This followed a longer >> entry on Digital Sovereignty I wrote, where I get into >> the concept of an institutional Web of Trust. This lead >> Prof Bryan Ford in the distributed/decentralised systems >> group at EPFL in Lausanne to ask why that Web of Trust would >> be more successful and avoid the problems of the PGP one. >> >> So I had to look into what the exact problems with the PGP >> web of trust was. But as certain obvious limitations were >> clear from reading the PGP spec and as I thought it would >> be unjust to tie them to such accidental errors I imagined >> what would happen if they evolved to using the W3C Verifiable >> Claims standards. >> >> https://medium.com/@bblfish/what-are-the-failings-of-pgp-web-of-trust-958e1f62e5b7 >> >> >> Please let me know if I have misunderstood something. >> I am covering quite a lot of ground here. >> >> Feedback very much welcome :-) >> >> Henry Story >> http://co-operating.systems/ >> > > >
Received on Wednesday, 20 June 2018 23:10:21 UTC