>>> I believe a web of trust can be operationally feasible only if the web >>> is more like a forest - if there are several well known examples of >>> "tops" to the web. Otherwise, you have to be storing a plethora of >>> different signers' certificates to be able to validate all the >>> institution's certificates that come in. >> >> you need those certs to verify the live data anyway >> > Right. The real issue is the trust determination -- how do you know > that the certificate corresponds to something resembling reality > (whatever that is)?
for how many years have i been asking you and your evil-minded cert designing friends for a pgp-like web of trust cert that could be used for just this application? randy