Certificates are good for bootstrapping, but after that, things should mostly use Web of Trust. Maybe both, verifying one against the other.
The reason is it is highly likely that powerful entities have compromised root certificate authorities (or can, on a whim), and are simply holding on to the capability for use when needed. Distributed web of trust seems far more difficult for such an agency to compromise.
No comments :
Post a Comment