DataPacRat,
...
The key item I am gathering from your response is 'trust is not
transitive'. If that's the case, then wouldn't that also apply to
chains of 'official' CAs, as well? If all that is so, then is it
possible that ad-hoc / mesh-network / web-of-trust /
(insert-buzzword-here) CAs would fare no worse by that metric than the
current hierarchical CA system?
That is a fair comment for some PKIs, but not all.
If a PKI represents an _authoritative_ set of CAs, vs. a "trusted"
set of CAs, then this issue does not arise. So for example in the
DANE context or the RPKI context, we're not dealing with transitive trust.
Steve
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
