Problem 5a: Certification is not the same as trust

• Even if identity is established, we still need a mechanism to establish whether a key should be trusted for any given purpose

• The cryptography itself doesn’t answer this

  • neither does a certification mechanism

• Trust management is a new, open, research area

  • languages and architectures for binding keys to the purposes for which they are trusted
  • interpretation of certificates and policies

Previous slide

Next slide

Back to first slide

View graphic version