At 11:30 PM -0700 6/13/02, Einar Stefferud wrote: >[EMAIL PROTECTED] said: > >>On Fri, 14 Jun 2002 10:52:47 +1200, Franck Martin <[EMAIL PROTECTED]> said: >> >> > Ideally, we should rate each CA in our applications and the application >> > should give us a level of risk... >>> >>>Hey.. it's the PGP Web of Trust. ;) >>> >>>Content-Type: application/pgp-signature >> >>Attachment converted: Macintosh HD:Untitled 1 (????/----) (0009FFDB) > >By George -- I think You've Got It;-)... > >Trust must be earned, and cannot be delegated;-)... > >And cannot be transmitted via any single communication path. > >Enjoy;-)...\Stef
PGP is the epitome of transitive trust! Multiple cert paths do not necessarily make for more trust, but they do add enough complexity to make the system unscaleable, not to mention the revocation issues ...
