Some limitations of web of trust models
Information Management & Computer Security
ISSN: 0968-5227
Article publication date: 1 December 1998
Abstract
The “web of trust” is one approach to the problem of trusted exchange of public keys in a public key security system. In a web of trust, individuals accept the bulk of the responsibility for identifying and authenticating each other and subsequently swapping their keys. This trust model is supported by some commercial products and some industry standards. The main alternative is the Public Key Infrastructure (PKI) where key holders are identified and authenticated by third-party Certification Authorities (CAs). Rather than personally swapping keys, participants in a PKI obtain one another’s public keys from one or more CAs in the form of digital certificates. These two trust models have, for some time, been vying for selection internationally in both policy and commercial forums. In Australia, the debate has been spurred on by recent deliberations over the possible form of a national peak authentication body, and by spirited discussion of the privacy impacts of a national hierarchy. There appears to be a view emerging that a web of trust might be easier to constitute than a hierarchy and that it may be inherently less intrusive. On closer inspection, however, these promises prove to be unfounded. This paper discusses certain limitations of any web of trust model, with particular reference to scalability, uniform standards of identification, auditability, and the protection of personal identification data.
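To make the scalability, uniform-standards and auditability points concrete, the following small illustration is added by the editor and is not from Wilson's paper: a toy web of trust in which every signer applies its own identification standard, so a verifier must enumerate chains of introductions and is only as sure as the weakest link on the chosen chain, placed beside the fixed chain of a hierarchy operating under a single CA policy. The names, rigor levels and signature graph are constructed assumptions.

```python
# Constructed toy data (not from the paper). An edge A -> B means A has
# verified B's identity and signed B's key. The number is the hypothetical
# identification standard A applied: 3 = documents checked in person,
# 2 = met in person, 1 = e-mail exchange only. Each signer picks its own.
WEB_OF_TRUST = {
    "alice": {"bob": 3, "carol": 2},
    "bob":   {"dave": 1},
    "carol": {"dave": 3, "erin": 2},
    "dave":  {"frank": 2},
    "erin":  {},
    "frank": {},
}

def all_paths(graph, start, target, path=None):
    """Enumerate every simple chain of signatures from start to target (DFS).
    In a real web the number of chains to examine grows with the web."""
    path = (path or []) + [start]
    if start == target:
        return [path]
    found = []
    for nxt in graph[start]:
        if nxt not in path:
            found.extend(all_paths(graph, nxt, target, path))
    return found

def weakest_link(graph, path):
    """A chain is only as strong as its least rigorous introduction."""
    return min(graph[a][b] for a, b in zip(path, path[1:]))

def wot_verify(graph, verifier, subject):
    """Pick the chain with the best weakest link (shorter wins ties) and
    return an audit record. Returns None when no chain reaches the subject."""
    paths = all_paths(graph, verifier, subject)
    if not paths:
        return None
    best = max(paths, key=lambda p: (weakest_link(graph, p), -len(p)))
    return {"path": best, "hops": len(best) - 1,
            "rigor": weakest_link(graph, best), "chains_examined": len(paths)}

def pki_verify(ca_policy, subject):
    """In a hierarchy every subject is reached by the same fixed chain, and the
    CA's published policy sets one uniform standard, so there is one record."""
    return {"path": ["root", "ca", subject], "hops": 2,
            "rigor": ca_policy, "chains_examined": 1}
```

Note that the shortest chain from alice to dave (via bob) is not the strongest one; the verifier only learns this by examining every chain and the standard each signer applied.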
Citation
Wilson, S. (1998), "Some limitations of web of trust models", Information Management & Computer Security, Vol. 6 No. 5, pp. 218-220. https://doi.org/10.1108/09685229810240130
Publisher: MCB UP Ltd
Copyright © 1998, MCB UP Limited