[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
SDSI and PGP web of trust
I see a couple of features which characterize the PGP web of trust.
The first is the trusted signer. I can make a particular other person as
being trustworthy. Then every signature he makes, each of which binds a
name to a key, I adopt as my own binding.
The second is the partially trusted signer. If two partially trusted
signers both attest to the same binding between a name and a key, I will
accept it as my own. The threshold can be adjusted to require more than
In terms of SDSI, the first feature can be thought of as an automatic
mechanism to resolve names based on someone else's namespace. If I trust
alice, then ( ref: alice bob ), which refers to a key and binds the name
"bob" to the key, would produce a binding in my own namespace of bob to
that key. (In PGP terms, "bob" would be a full name and email address.)
Suppose a message came signed with a key, and associated with that key
was a set of certificates binding "alice's bob", "charlie's bob",
"donna's bob", etc., all to the same key. This would be structurally
like a PGP signed message which had the key enclosed with a lot of
different signatures on it. If I trusted any of alice, charlie, or
donna, then I would be willing to call the key "bob" and say the message
was from bob.
SDSI doesn't seem to provide mechanism to automate these kinds of rules.
It does seem to have some similar mechanism for group membership, though.
Suppose everyone has a group "signed-keys" which includes the
principals of the keys they have signed (in the PGP sense). Then I could
create a group which was:
( Group: ( OR: signed-keys ( ref: alice signed-keys ) ) )
Then I would know that any principal which was in this group would be
signed either by me or by someone I trusted (alice in this case). SDSI
can incorporate all of alice's signed keys in one step using this
mechanism. But this doesn't let me incorporate each of the names she has
created as ones of my own.