Alternative Approaches—Webs of Trust

Let’s learn about alternative approaches that try to avoid the complicated issues of certificate-based public-key management by not using public-key certificates at all.

There are many complicated issues to resolve when implementing a certificate-based approach to public-key management. Several alternative approaches attempt to resolve these by avoiding public-key certificates.

Note: The use of public-key certificates is more common than either of these alternative approaches. However, consideration of these approaches not only indicates that certificates aren’t the only option for public-key management, but also helps to place the challenges of public-key certificate management in context.

Webs of trust

In the CA-free certification model, we noted that public keys could be made available directly by owners to relying parties without the use of a CA. The problem with this approach is that the relying party is left with no trust anchor other than the owner themselves.

Stronger assurance can be provided if a web of trust is implemented. Suppose Alice wishes to provide relying parties with her public key directly. In a web of trust, other public-key certificate owners act as ‘light-weight CAs’ by digitally signing Alice’s public key. Alice gradually develops a key ring, which consists of her public key plus a series of digital signatures by other owners, each attesting that the public-key value is indeed Alice’s.
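
The Go sketch below is an added illustration, not code from the original lesson. It models Alice's key ring with Ed25519 signatures and shows a relying party counting only the endorsements it can verify with keys it already holds. The names `KeyRing`, `Endorse`, `ValidEndorsers` and the `binding` message format are assumptions of this example, and all keys are generated on the spot.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"sort"
)

// KeyRing is an owner's public key plus the signatures other owners made over it.
type KeyRing struct {
	Owner        string
	PublicKey    ed25519.PublicKey
	Endorsements map[string][]byte // signer name -> signature (constructed layout)
}

// binding is the message endorsers sign: owner name tied to key value (assumed format).
func binding(owner string, pub ed25519.PublicKey) []byte {
	return append([]byte("wot-binding\x00"+owner+"\x00"), pub...)
}

// Endorse records signer's signature over the ring's name-to-key binding.
func (r *KeyRing) Endorse(signer string, priv ed25519.PrivateKey) {
	if r.Endorsements == nil {
		r.Endorsements = map[string][]byte{}
	}
	r.Endorsements[signer] = ed25519.Sign(priv, binding(r.Owner, r.PublicKey))
}

// ValidEndorsers lists signers whose keys the relying party already holds (known)
// and whose signatures verify against the key currently on the ring.
func ValidEndorsers(r KeyRing, known map[string]ed25519.PublicKey) []string {
	ok := []string{}
	for signer, sig := range r.Endorsements {
		if pub, has := known[signer]; has && ed25519.Verify(pub, binding(r.Owner, r.PublicKey), sig) {
			ok = append(ok, signer)
		}
	}
	sort.Strings(ok)
	return ok
}

func main() {
	alicePub, _, _ := ed25519.GenerateKey(nil)
	bobPub, bobPriv, _ := ed25519.GenerateKey(nil)
	_, carolPriv, _ := ed25519.GenerateKey(nil) // relying party holds no key for carol
	ring := KeyRing{Owner: "alice", PublicKey: alicePub}
	ring.Endorse("bob", bobPriv)
	ring.Endorse("carol", carolPriv)
	fmt.Println(ValidEndorsers(ring, map[string]ed25519.PublicKey{"bob": bobPub})) // prints [bob]
}
```

An endorsement counts only when the relying party already holds an authentic key for the endorser, and because each signature covers the name-to-key binding, replacing the key on the ring invalidates every endorsement collected for it.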
