Carl Ellison writes:
After getting too many people confusing SPKI/SDSI's non-CA certificate
issuance with PGP's Web of Trust, I wrote the following web page.
http://world.std.com/~cme/html/web.html
This page doesn't really define "web of trust". It says,
"...PGP incorporates a security fault tolerance feature called the Web
of Trust. Under the Web of Trust, multiple different keyholders sign
each certificate (each binding between UserID and key), attesting to
the validity of that binding. The assumption is that these different
keyholders are independent so that even if one of them makes a bad
judgment, they won't all do so. It is also assumed that no false binding
will have more than the specified web of trust number of signatures."
This is focussing on the idea of using multiple partially trusted
introducers in order to build confidence in a binding between key and
name. However I think the defining characteristic of the web of trust
goes beyond this aspect.
If we look at the name, what we have first of all is a web. This is
a network of interconnected elements. Mathematically, it is a graph.
But the name "web" implies a certain kind of random structure to the
graph. It is not hierarchical, it is point-to-point. End users connect
to other end users within the web.
Secondly, the web connections indicate "trust". Here I think the term is
a misnomer within the PGP context where it was created, because actually
the connections in the PGP case don't show trust, they show validity of
key-name bindings. (The new meta-introducer signatures do show trust,
but they came later.) Broadly, we can say that there is an element of
trust because we have to trust other people if we are going to rely on
their certifications of key-name bindings. We could also say that we are
asking whether we can trust a given key to be useful for a given purpose,
such as encrypting email to a particular addresss.
So a web of trust is a decentralized, non-hierarchical, cross-connected
network useful in making decisions relating to trust, and in our case
specifically to cryptographic trust in the sense above.
(BTW epinions.com, an online product review service, has also adopted
the term "web of trust" to refer to an eBay-like reputation system.
http://www.epinions.com/help/index.html?show=web_of_trust.)
This definition does seem to include SPKI. Even though the question
being answered by SPKI is not the same as that for PGP, the mechanism has
many similarities. Users utilize their keys to issue certificates which
point at other keys. The set of all certificates, considered as pointers
in this way, forms a web much as in the case of PGP. And the question,
in the end, is whether a given key is useful for a given purpose, can
it be trusted to be used for that purpose. So the web is used to make
trust decisions.
As I understand it (which may not be 100% correct), SPKI is even more
of a web of trust than traditional PGP, because it allows for explicit
delegation of certification power (similar to the PGP meta-introducers).
When you issue a cert with the delegation bit set, you are trusting the
receiver to delegate that power appropriately. Furthermore, this trust
propagates through the web as his delegatees may make delegations of
their own.
In my opinion, any decentralized trust management system, whether
PGP, SPKI, or the various research trust models like AT&T's KeyNote
and PolicyMaker, can all be considered to implement a web of trust.
The important element is the lack of a centralized hierarchy which is
imposed on the trust decisions. (Of course webs of trust can usually
support hierarchical trust models as a special case.)
The biggest difference between SPKI and PGP is that SPKI is primarily
oriented towards authorization certificates (is this cert holder
allowed to use this resource?) while PGP is oriented towards identity
and authentication certificates (who is this cert holder?). I'm not
sure how the SDSI aspect fits into SPKI; the way you have described it,
SDSI names sound so completely idiosyncratic as to be almost useless,
and I'm not sure what question they answer.
Hal