The Web of Trust
March 26, 2015. @pfrazee
Defines the robustness of a WoT network by the number of unique but redundant paths-of-certification between identities. Describes an algorithm to find identities with low connectivity and provide certification recommendations to improve their connectivity.
Observes that the WoT is not a PKI because it’s not concerned with distribution. PGP instead relies on a semi-centralized PKI, the names-servers. Proposes a decentralized, distributed certificate search protocol.
- Works by overlaying the graph of certificates onto the network of devices and following directed edges.
- To improve discovery, nodes replicate their pubkeys outward along their cert-graph for a certain number of hops out.
- Searches likewise move outward along the cert-graph, from the initiator.
- On discovery, the search and replication paths are glued together and treated as a certificate-chain.
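The search-and-replicate scheme in the list above, as an added sketch that is not code from the paper or from this post. It assumes an edge A -> B means A certified B's key, that replicas travel to a key's signers (against the edges) while searches travel with the edges, and it uses a constructed graph with set membership standing in for signature verification.

```python
from collections import deque

# Constructed sample cert graph: signer -> keys that signer has certified.
CERTS = {
    "alice": ["bob"],
    "bob": ["carol"],
    "carol": ["dave"],
    "dave": ["erin"],
    "erin": ["frank"],
    "frank": [],
    "mallory": ["frank"],
}

def _walk(adj, start, hops):
    """BFS from start for at most `hops` edges; returns {node: path from start}."""
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if len(paths[node]) - 1 == hops:
            continue  # hop budget spent on this branch
        for nxt in adj.get(node, []):
            if nxt not in paths:
                paths[nxt] = paths[node] + [nxt]
                queue.append(nxt)
    return paths

def replicate(certs, owner, hops):
    """Copy owner's pubkey to its signers, their signers, ... (assumed direction).
    Returns {holder: cert path holder -> ... -> owner}."""
    signers = {}
    for signer, subjects in certs.items():
        for subject in subjects:
            signers.setdefault(subject, []).append(signer)
    return {n: p[::-1] for n, p in _walk(signers, owner, hops).items()}

def search(certs, initiator, target, search_hops, replica_hops):
    """Walk outward from initiator along cert edges until a replica holder is
    found, then glue search path + replication path into one candidate chain."""
    replicas = replicate(certs, target, replica_hops)
    found = _walk(certs, initiator, search_hops)
    hits = [found[n] + replicas[n][1:] for n in found if n in replicas]
    return min(hits, key=len) if hits else None

def chain_is_valid(certs, chain):
    """Every link must be a real certificate; a glued path is only a claim."""
    return all(b in certs.get(a, []) for a, b in zip(chain, chain[1:]))
```

The hop limits trade storage for reach: a search only succeeds when its frontier overlaps the target's replication frontier, and the glued chain still has to be checked link by link before the key is trusted.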
Infers a trust-graph using only user interactions. The authors didn’t have an actual trust-graph to compare against, so they could only analyze the likelihood of accuracy based on structural features. However, they claim confidence in their results.
Describes models to evaluate the trustworthiness of data with “the actual content of the data, the data sources, recency of updates, the schemas being used, and the creator.” Focuses on the rules used to evaluate trust, and the need to assign trust in the rules of trust.
Summarizes information-trust research in 4 categories: Policy-based, Reputation-based, General models, and Provenance-based.