[linux-elitists] SSL security certificates
Aaron T Porter
Thu Apr 10 17:41:07 PDT 2003
On Thu, Apr 10, 2003 at 05:36:01PM -0700, email@example.com wrote:
> > What I'm imagining is a system that uses a PGP/GPG ring of trust
> > to establish identity and then building some sort of a "Six Degrees"
> > social network to establish the validity of a certificate request. I'm
> > still not 100% certain that a reliable network of trusted friends would be
> > large enough to be of general use or if opening a private group certificate
> > authority to the public is a fantastic idea, but I'm think it might work.
> The "web of trust" is even more broken than the Thawte/Verisign
How so? With Thawte all I know is someone has a word processor and
the ability to send a fax. With a controled web of trust at least I know
that someone I trust is willing to vouch for the certificate holder. I'm
not suggesting growing the "tree of trust" (not identity, validity) either
automatically or indefinately.
More information about the linux-elitists