but also helps to place the challenges of public-key certificate management in
context.
11.4.1 Webs of trust
In the CA-free certification model of Section 11.3.2, we noted that public keys
could be made available directly by owners to relying parties without the use of
a CA. The problem with this approach is that the relying party is left with no trust
anchor other than the owner themselves.
A stronger assurance can be provided if a web of trust is implemented. Suppose
that Alice wishes to directly provide relying parties with her public key. The idea
of a web of trust involves other public-key certificate owners acting as 'lightweight
CAs' by digitally signing Alice's public key. Alice gradually develops a key ring,
which consists of her public key plus a series of digital signatures by other owners
attesting to the fact that the public-key value is indeed Alice's.
These other owners are, of course, not acting as formal CAs, and the relying
party may have no more of a relationship with any of these other owners than
with Alice herself. Nonetheless, as Alice builds up her key ring there are two
potentially positive impacts for relying parties:
1. A relying party sees that a number of other owners have been willing to sign
Alice's public key. This is at least some evidence that the public key may indeed
belong to Alice.
2. There is an increasing chance (as the key ring size increases) that one of the
other owners is someone that the relying party knows and trusts. If this is the
case then the relying party might use a transitive trust argument to gain some
assurance about Alice's public key.
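The key-ring mechanism and the two relying-party checks above can be made concrete in a small simulation. The following is an added example, not code from the textbook: the names Alice, Bob, Carol, Dave, Eve and Mallory, the trust sets, and the `KeyRing`/`evaluate` helpers are all constructed for illustration. Signatures are produced with a one-time Lamport scheme over SHA-256 so the example runs on the Python standard library alone; a real web of trust such as PGP uses RSA or ECC signatures, but the key-ring logic (signers attest to the binding "this key value belongs to Alice", relying parties count valid attestations and look for a signer they already trust) is unchanged.

```python
"""Toy web-of-trust key ring (added example; not the textbook's own code)."""
import hashlib
import secrets
from dataclasses import dataclass, field


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def digest_bits(message: bytes) -> list:
    """Bits of SHA-256(message), most significant bit first (256 bits)."""
    d = sha256(message)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_keygen():
    """One-time Lamport key pair: 256 pairs of secrets; public key = their hashes."""
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pub = [(sha256(s0), sha256(s1)) for s0, s1 in priv]
    return priv, pub


def lamport_sign(priv, message: bytes) -> list:
    """Reveal one secret per digest bit. A Lamport key must sign only once."""
    return [priv[i][b] for i, b in enumerate(digest_bits(message))]


def lamport_verify(pub, message: bytes, sig: list) -> bool:
    return len(sig) == 256 and all(
        sha256(sig[i]) == pub[i][b] for i, b in enumerate(digest_bits(message)))


def pub_bytes(pub) -> bytes:
    return b"".join(h0 + h1 for h0, h1 in pub)


def binding(owner_name: str, pub) -> bytes:
    """The statement a signer attests to: 'this public-key value is <owner_name>'s'."""
    return owner_name.encode() + b"\x00" + pub_bytes(pub)


@dataclass
class Owner:
    name: str
    priv: list
    pub: list


@dataclass
class KeyRing:
    """Alice's key ring: her public key plus signatures by other owners."""
    owner: str
    pub: list
    signatures: dict = field(default_factory=dict)  # signer name -> signature


def sign_key_ring(signer: Owner, ring: KeyRing) -> None:
    """Signer acts as a 'lightweight CA' for the ring's owner/key binding."""
    ring.signatures[signer.name] = lamport_sign(signer.priv, binding(ring.owner, ring.pub))


def evaluate(ring: KeyRing, known_pubs: dict, trusted: set) -> dict:
    """Relying party's assessment. known_pubs: public keys the relying party
    already holds (signer name -> key); trusted: names it trusts to vouch."""
    msg = binding(ring.owner, ring.pub)
    valid = [n for n, sig in ring.signatures.items()
             if n in known_pubs and lamport_verify(known_pubs[n], msg, sig)]
    trusted_valid = [n for n in valid if n in trusted]   # transitive trust path
    return {"valid_signers": valid, "trusted_signers": trusted_valid,
            "assured": bool(trusted_valid)}


def demo() -> dict:
    """Constructed scenario: Bob and Carol sign Alice's key; Dave trusts Carol."""
    alice, bob, carol = (Owner(n, *lamport_keygen()) for n in ("Alice", "Bob", "Carol"))
    ring = KeyRing("Alice", alice.pub)
    sign_key_ring(bob, ring)
    sign_key_ring(carol, ring)
    known = {"Bob": bob.pub, "Carol": carol.pub}

    # Dave knows and trusts Carol: transitive trust gives him assurance (impact 2).
    dave = evaluate(ring, known, trusted={"Carol"})
    # Eve can verify both signers but trusts neither: evidence only (impact 1).
    eve = evaluate(ring, known, trusted=set())
    # A substituted key under Alice's name carries none of the original attestations:
    # every signature is over a different binding and fails to verify.
    substituted = KeyRing("Alice", lamport_keygen()[1], dict(ring.signatures))
    spoof = evaluate(substituted, known, trusted={"Carol"})
    return {"dave": dave, "eve": eve, "spoof": spoof}


if __name__ == "__main__":
    for who, result in demo().items():
        print(who, result["valid_signers"], result["assured"])
```

The relying party can only verify a signature from a signer whose public key it already holds, which is why `evaluate` takes `known_pubs` separately from `trusted`: knowing a signer's key lets you check the attestation, but only trusting that signer turns the attestation into assurance about Alice's key.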
Webs of trust clearly have limitations. However, they represent a lightweight and
scalable means of providing some assurance of purpose of public keys in open
environments, where other solutions are not possible.
However, the extent to which webs of trust make a real impact is unclear since,
for the types of open applications in which they make most sense, relying parties
are often likely to choose to simply trust the owner (in many cases they may
already have an established trust relationship).
11.4.2 Identity-based public-key cryptography
Recall that the main purpose of a public-key certificate is to bind an identity to a
public-key value. Thus one way of eliminating the need for public-key certificates
is to build this binding directly into the public keys themselves.