dotgnu-auth

Re: [Auth]Authorization Certificates


From: Barry Fitzgerald
Subject: Re: [Auth]Authorization Certificates
Date: Sat, 25 Aug 2001 19:33:47 -0400

The problem with a web of trust (I'm catching up on some e-mail that got
lost in a mail account that I use - don't ask) is that its trust
spreads too far.

This is a particularly bad idea when considering a databank
infrastructure.  For instance:

I am 'A'.  'A' trusts 'B' with its data.  'B' trusts 'C' with its
data.  'C' trusts 'D' with its data.  And on and on and on down the
line.  Now, inherently - the matrix becomes problematic because even
encrypted data ends up in the hands of potentially untrustworthy
people.  The user in this situation gets their data stolen after someone
goes through the trouble of cracking the encrypted data that already
exists in their "trusted" machine.  The user most likely, in this
situation, has no way of knowing where the breach would have occurred.  

And this is the case even in this extremely simplistic one-dimensional
WoT.  Technically, 'A' can limit its data spread to only 'D' through
'B' if she wants (and if server 'B' supports this function) - however
this is even problematic because if 'D' goes errant, then 'D' breaks the
web of trust.  

Further, once you begin to limit the WoT for the protection of the user,
you negate the usefulness of it.  If the WoT can't be considered to be a
stateful and consistent point of information storage, then the entire
concept falls apart.  In any case, the usefulness of this may have some
limited usage in a DotGNU style environment - the hybrid environment
that has been proposed.  The usage can be found in the creation of
server mirrors that distribute the load of a single DotGNU server.  As
such, the user must be legally allowed to sign off on each transfer per
their discretion.

Is everyone following me?

        -Barry
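
The forwarding chain described in the message, as an added example that is not part of the original e-mail: it treats each "trusts" relation as a forwarding edge (an assumption), computes who ends up holding A's data with and without a hop limit, and records the forwarding path so a breach can be traced back. The names TRUSTS, exposure and affected_owners are hypothetical.

```python
from collections import deque

# Constructed trust edges taken from the message's scenario:
# each principal forwards data to the principals it trusts.
TRUSTS = {"A": ["B"], "B": ["C"], "C": ["D"], "D": []}


def exposure(trusts, owner, max_hops=None):
    """Return {holder: forwarding_path} for every principal that ends up
    holding owner's data.

    max_hops=None models unrestricted transitive trust; an integer caps
    how many times the data may be forwarded (assumed policy knob).
    """
    paths = {owner: [owner]}
    queue = deque([owner])
    while queue:
        node = queue.popleft()
        hops = len(paths[node]) - 1
        if max_hops is not None and hops >= max_hops:
            continue  # forwarding budget used up at this holder
        for peer in trusts.get(node, []):
            if peer not in paths:  # also guards against trust cycles
                paths[peer] = paths[node] + [peer]
                queue.append(peer)
    return paths


def affected_owners(trusts, compromised, max_hops=None):
    """Owners whose data a compromised holder would possess."""
    return sorted(
        owner for owner in trusts
        if owner != compromised
        and compromised in exposure(trusts, owner, max_hops)
    )


if __name__ == "__main__":
    print("unrestricted:", exposure(TRUSTS, "A"))
    print("one hop only:", exposure(TRUSTS, "A", max_hops=1))
    print("D errant, unrestricted:", affected_owners(TRUSTS, "D"))
    print("D errant, one hop:", affected_owners(TRUSTS, "D", max_hops=1))
```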

