[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: encodings, character sets, general requirements

azb@llnl.gov (Tony Bartoletti) writes:
>Regarding ...
>> >   Other requirements:
>> >     - Trust model must be a web (people want to choose whom they trust).
>> >       People must be able to choose whom they trust or consider
>> >       reliable roots (maybe with varying reliabilities).
>>The trust model should be a "constrained web", not the current PGP
>>                                        - Bill
>Are we dictating a single trust model, or simply asserting that we must
>support "web" and "contrained-web" models, among others?  Certainly, the
>effort to explore a simpler certificate should nevertheless aim for support
>of varied trust models.

Web trust models seem to be a more general approach to the problem
and I have yet to find a non-web trust model which could not be emulated
using a web trust model (you just have to be careful about stipulating
who is the "center" of the web and the relationships that can be drawn
from this.)  OTOH I have not done a complete study of all of the possible
trust models which might be necessary, is there an example of a trust
system which cannot be expressed through a web model that someone can
present?  If the constrained web model has the capability of being able
to express all other models then it seems like a good system to use...