Ian Grigg <iang(_at_)systemics(_dot_)com> writes:
An example of this is the x.509 PKI in use in HTTPS - they define trust as
being a CA-signed cert that includes, for example, some notion of what
country you are in (? from?).
Since we're getting a bit philosphical here, I don't know if what X.509
enforces is really "trust". PGP's web of trust is a reasonably accurate use
of the term "trust", but with X.509 you need to read "trust" as "dependency"
(in the sense of "is forced to depend upon"). For example if I make a CC
purchase from foo.com, I don't trust them because of their Verisign cert, but
I have no choice but to depend upon them because if I don't I can't make my
purchase. So PGP's mechanisms propagate trust, X.509's propagate dependency.
Peter.