introducer trust model, Was: Eat this RIAA (or, the war has begun?)

In message <20020822142836.A92148@mail.webmonster.de>, "Karsten W. Rohrbach" writes:

I am not an expert in this field, but I think that a generic standard
for this kind of trust model is long overdue, the only application
nowadays out there in the wild using it being PGP's model of the web of
trust.

I doubt that it would work well -- one "mole" would suffice for many
large penetrations.

    --Steve Bellovin, http://www.research.att.com/~smb (me)
    http://www.wilyhacker.com ("Firewalls" book)

The point of web-of-trust models is not to identify anyone reliably, but
to make obtaining false identities harder. I.e. every signatory risks
their reputation by signing someone else's certificate, and it is easy to
mark that signatory as untrustworthy, thus effectively invalidating or
reducing the trustworthiness of all parties having that signatory in the
trust chain.

This can be defeated by creating chains of sham identities; but somewhat
more advanced graph analysis (i.e. identifying "gateway" links to the
subgraph where a cluster of untrustworthy behaviour is detected) can deal
with that too. Such analysis can be performed proactively, on a
distributed collection of host computers checking links at random.

However, web of trust per se is not sufficient; what the Internet needs is
some way to assemble irrevocable "reputation" files for assumed and real
identities. The problem of false reports on the files can be addressed by
checking the trustworthiness of report submitters before factoring their
reports into final scores.

The practical irrevocability can be achieved using techniques similar to
Publius. (Finding all individual reports for the identity is an
interesting problem, though :) Protection of the system from floods of
bogus reports is going to be interesting, too.

Obviously, a system like that could be very useful in business
transactions, too.

--vadim
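The mechanics vadim sketches above (a signatory's signatures introducing keys, marking one signatory untrustworthy so that everything reachable only through it drops out, and locating the "gateway" links into a cluster of sham identities) as a toy illustration. This is added example code, not part of the thread and not PGP's own trust computation; the signature graph, the key names, the depth limit and the penalty formula are constructed assumptions, and real PGP has more states (marginal trust, required signature counts) than this.

```python
"""Toy introducer-trust / reputation graph (added illustration, not PGP code)."""
from collections import deque

# Constructed sample signature graph: signer -> set of keys it has signed.
# "me" is the root key whose view of the web we compute. "dave" vouched for
# "mole", who in turn vouched for a tight cluster of sham identities that
# cross-sign each other (the "chain of sham identities" case).
SIGS = {
    "me":    {"alice", "bob"},
    "alice": {"carol"},
    "bob":   {"carol", "dave"},
    "carol": set(),
    "dave":  {"mole"},
    "mole":  {"sham1", "sham2"},
    "sham1": {"sham2", "sham3"},
    "sham2": {"sham3"},
    "sham3": {"sham1"},
}


def valid_keys(sigs, root, untrusted=frozenset(), max_depth=8):
    """Keys the root considers valid: reachable from root through chains of
    signatures made by keys that are themselves valid and not flagged as
    untrustworthy. A flagged key may still be valid (someone signed it), but
    its own signatures introduce nobody, so everything reachable only through
    it drops out. max_depth mimics a PGP-style certificate-depth limit
    (assumed value, not taken from the thread)."""
    valid = {root}
    frontier = deque([(root, 0)])
    while frontier:
        signer, depth = frontier.popleft()
        if depth >= max_depth or signer in untrusted:
            continue  # flagged or too deep: does not act as an introducer
        for signee in sigs.get(signer, ()):
            if signee not in valid:
                valid.add(signee)
                frontier.append((signee, depth + 1))
    return valid


def lost_on_distrust(sigs, root, signatory):
    """Keys that lose validity when one signatory is marked untrustworthy."""
    return valid_keys(sigs, root) - valid_keys(sigs, root, untrusted={signatory})


def gateway_links(sigs, cluster):
    """Signatures crossing from outside a flagged cluster into it. Their
    signers are the 'gateway' suspects: they vouched for the cluster."""
    cluster = set(cluster)
    return sorted((signer, signee)
                  for signer, signees in sigs.items() if signer not in cluster
                  for signee in signees if signee in cluster)


def reputation_penalty(sigs, flagged):
    """Share of each signer's signatures that went to flagged keys: a crude
    measure of the reputation a signatory put at risk by signing. Signers
    with no signatures are omitted."""
    flagged = set(flagged)
    return {signer: len(signees & flagged) / len(signees)
            for signer, signees in sigs.items() if signees}


if __name__ == "__main__":
    shams = {"sham1", "sham2", "sham3"}
    print("valid:", sorted(valid_keys(SIGS, "me")))
    print("lost if mole distrusted:", sorted(lost_on_distrust(SIGS, "me", "mole")))
    print("lost if alice distrusted:", sorted(lost_on_distrust(SIGS, "me", "alice")))
    print("gateways into sham cluster:", gateway_links(SIGS, shams))
    print("gateways once mole is added:", gateway_links(SIGS, shams | {"mole"}))
    print("penalties:", reputation_penalty(SIGS, shams | {"mole"}))
```

Two things the run shows that the prose only asserts: distrusting alice costs nothing, because carol is also signed by bob (redundant paths are what make the web robust), while distrusting dave removes mole and the whole sham cluster, since dave's single signature was the only way in. Walking the gateway links backwards (sham cluster to mole, mole to dave) is the graph analysis vadim describes; whether that one link is a Bellovin-style mole or an honest mistake is exactly what a reputation file would have to record.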