Mobile: +61 (0) 414 488 851
Email: swilson@lockstep.com.au

Some limitations of web of trust models

An old paper of mine with some relevance today as some stakeholders in digital identity architectures remain averse to hierarchical identification relationships.

Wilson, Stephen. "Some limitations of Web of trust models." Information management & computer security 6.5 (1998): 218-220.


We have seen that natural pressures exist to create groups within groups, or hierarchies. In realising a practical web of trust, these pressures are manifest in the selection of minimal numbers of introducers, to reduce the number of first-hand links that need to be formed, and to ensure uniform identification of all users. Reliance on introductions requires users to trust others’ processes as well as their simple identities, but ordinary users are not well equipped to audit others. Standardisation and third-party oversight are clearly called for. However, while these are part and parcel of most paper-based business, they are not usually welcomed in the web of trust model.

Multilevel public key infrastructures are perhaps not so much an alternative to the web of trust as an extension of it. By recognising trusted registration authorities, not only is the trust infrastructure made more manageable, but also privacy is actively enhanced, through abstraction of business identities and the localisation of personal identity data.