From: Hal <hfinney@shell.portal.com>
Date: Tue, 18 Jun 1996 14:05:54 +0800
To: vipul@pobox.com
Subject: Re: pretty good reputation
Message-ID: <199606172256.PAA09652@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Here are some references to the material on reputations I mentioned
before.

ftp://prospero.isi.edu/pub/papers/security/insurance-cccs94.ps
     * Charlie Lai, Gennady Medvinsky, and B. Clifford Neuman.
       Endorsements, Licensing, and Insurance for Distributed System
       Services, In Proceedings of 2nd the ACM Conference on Computer and
       Communication Security November 1994.

This discusses some concepts related to extending trust relationships
through a network.

ftp://research.att.com/dist/mab/policymaker.ps
	"Decentralized Trust Management" by Matt Blaze et al

This suggests a formal way of specifying trust relationships among keys.
In effect you have little programs that get activated by certain keys, or
by certain signatures.  It is a very flexible methodology which could be
adapted to many ways of specifying trust relationships.

http://theory.lcs.mit.edu/~rivest/sdsi.ps (or .tex)
	"Simple Distributed Security Infrastructure" by Ron Rivest and
	Butler Lampson

This is a key certificate structure which is somewhere between a
hierarchical and a web of trust system, somewhat influenced by Blaze's
ideas.  It is pretty limited though in the kinds of trust delegation it
allows.  You can accept another person's signatures on specific keys but
you can't mark him as a generally-accepted signer.  However you can
develop chains of signatures as in PGP and perhaps some extra mechanism
could be used to decide when to trust them.

Hal