Alternative Approaches—Webs of Trust
Let’s learn about the alternative approaches that attempt to resolve complicated issues with implementing a certificate-based approach to public-key management by avoiding the use of public-key certificates.
We'll cover the following
There are many complicated issues to resolve when implementing a certificate-based approach to public-key management. Several alternative approaches attempt to resolve these by avoiding public-key certificates.
Note: The use of public-key certificates is more common than either of these alternative approaches. However, consideration of these approaches not only indicates that certificates aren’t the only option for public-key management, but also helps to place the challenges of public-key certificate management in context.
Webs of trust
In the CA-free certification model, we noted that public keys could be made available directly by owners to relying parties without the use of a CA. The problem with this approach is that the relying party is left with no trust anchor other than the owner themselves.
A stronger assurance can be provided if a web of trust is implemented. Suppose Alice wishes to provide relying parties with her public key directly. The idea of a web of trust involves other public-key certificate owners acting as ‘light-weight CAs’ by digitally signing Alice’s public key. Alice gradually develops a key ring, which consists of her public key plus a series of digital signatures by other owners attesting to the fact that the public-key value is indeed Alice’s.
Get hands-on with 1400+ tech skills courses.