Trust models and digital IDs


Chuck Connell
02.04.2003
When you receive an email message that is "signed" with someone's digital ID, how do you know that person really sent the message? Or, when someone receives a message signed with your digital ID, how likely is it that you actually sent the message? A large part of the answers to these questions revolves around the "trust models" that are built into digital identifications. There are two very different trust models that are popular today, a fact that is not well understood by many people using secure email. This article provides a brief overview of the major trust models -- hierarchical and peer -- with pointers to further information.

Hierarchical Trust

The hierarchical trust model is more common than the peer trust model. It is based on the principle of everyone knowing one common person whom everyone really, really trusts. Imagine the following scenario: You meet someone new at a party. She tells you that her name is Betty Boop. You ask, "How do I know your name is really Betty Boop? I need some proof." Betty says, "Okay. I know that you know Bob Jones over there. You know that Bob knows everyone in the world. Let's go talk to him." You both walk over to Bob. He looks at you and Betty, and assures you that in fact this is Betty Boop. You now believe that you have met Betty Boop, since you trust Bob and he vouched for Betty. This is the hierarchical trust model.

The hierarchical trust model can be extended to include subgroups. Suppose you join a new club called Espresso Lovers Anonymous (ELA). You want to make sure you can trust everyone you meet in the club, so you call up Bob Jones. Bob says the world has become too big and that he no longer knows everyone, including the people in ELA, but he will send Betty Boop in his place. Bob reminds you that he knows Betty and says that you can trust whatever she says about membership in ELA. When you go to the first ELA meeting, you ask Betty to introduce you to the other members. You trust what she tells you because you trust what Bob said about her.

To extend the analogy further, note that you only trust Betty to give you information about coffee lovers. If you join a yoga club (to work off the effects of too much coffee) you would not ask Betty to introduce you to people in that group, because you are not certain she can vouch for those people.

Hierarchical digital IDs work in the same way. There is a top-level trust authority, known by everyone using the IDs. In some cases, there is also an organization-level trust authority, which you believe can vouch for people within a certain subgroup.

The Notes ID system is a hierarchical trust scheme. You trust that a Notes username is valid because you trust the top-level Notes certifier that issued the user's ID file.

The most popular third-party hierarchical digital IDs are issued by VeriSign. VeriSign also has a digital ID service, called Go Secure, specifically for use with Lotus Domino/Notes.

Domino allows you to create your own hierarchical IDs for external (non-Notes) email. Using this method is free, so you can avoid paying VeriSign for each ID. The drawback is that the top-level authority (which you create) is not implicitly trusted by everyone you communicate with. Nevertheless, some Domino shops opt to go this route. Details about using Domino as its own Certifying Authority can be found in E-pro's article archives.

Peer Trust

Peer trust is based on the principle that there is no one who knows everyone, but that people who want to trust each other can find some trusted parties in common. Imagine the party scenario again: You meet Betty Boop and ask, "How do I know your name is really Betty Boop?" Betty says, "Well, there is no one at the party who knows everyone, but if I can find three friends whom we have in common, will you believe me?" You agree that this is reasonable. So Betty and you find three such people and you now trust that Betty is who she says she is.

The drawback to the peer trust model is that establishing trust is more complicated and time-consuming.

A popular vendor for peer-trust digital IDs is Thawte. The IDs are free. Thawte refers to the peer model as the Web of Trust (WOT). Here is the home page for the Thawte WOT: www.thawte.com.

Here is a FAQ about the WOT.
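The sketch below is an added example, not code from the article or from any vendor. It models only the trust decision in each model: a hierarchical check that walks vouches down from one root and honors the scope limit from the ELA/yoga analogy, and a peer check that requires three introducers you already trust. Real digital IDs verify each vouch as a cryptographic signature, which is omitted here; the `Vouch` record, its `scope` and `can_delegate` fields, and every name other than Bob and Betty are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vouch:
    issuer: str                 # who makes the statement
    subject: str                # whose identity is vouched for
    scope: str = "*"            # group the statement covers; "*" means any
    can_delegate: bool = False  # may the subject vouch for others in scope?

def covers(scope, group):
    return scope in ("*", group)

def hierarchical_trust(subject, group, root, vouches, max_depth=5):
    """Accept subject only if a chain of in-scope vouches starts at root."""
    frontier, seen = [root], {root}
    for _ in range(max_depth):
        next_frontier = []
        for v in vouches:
            if v.issuer not in frontier or not covers(v.scope, group):
                continue                      # wrong issuer or out of scope
            if v.subject == subject:
                return True
            if v.can_delegate and v.subject not in seen:
                seen.add(v.subject)
                next_frontier.append(v.subject)
        frontier = next_frontier
    return False

def peer_trust(subject, my_friends, vouches, threshold=3):
    """Accept subject if enough people I already trust vouch for them."""
    introducers = {v.issuer for v in vouches
                   if v.subject == subject and v.issuer in my_friends
                   and v.issuer != subject}   # self-vouching never counts
    return len(introducers) >= threshold

# Constructed sample data following the article's analogy.
HIERARCHY = [
    Vouch("Bob", "Betty", scope="ELA", can_delegate=True),
    Vouch("Betty", "Carol", scope="ELA"),
    Vouch("Betty", "Dave", scope="yoga"),     # outside Betty's delegated scope
]
FRIENDS = {"Ann", "Raj", "Lee"}
PEERS = [Vouch("Ann", "Betty"), Vouch("Raj", "Betty"), Vouch("Lee", "Betty"),
         Vouch("Ann", "Eve"), Vouch("Mallory", "Eve"), Vouch("Eve", "Eve")]

if __name__ == "__main__":
    for who, group in [("Carol", "ELA"), ("Dave", "yoga")]:
        print(who, group, hierarchical_trust(who, group, "Bob", HIERARCHY))
    for who in ("Betty", "Eve"):
        print(who, peer_trust(who, FRIENDS, PEERS))
```

Dave is rejected even though Betty vouches for him, because Bob delegated to Betty only for ELA; Eve is rejected because only one of her introducers is someone the verifier already trusts.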

Chuck Connell is president of CHC-3 Consulting, which helps organizations with all aspects of Domino and Notes. CHC-3 allows companies to outsource their Domino administration needs via DominoAdministration.com and runs the popular security site DominoSecurity.org.

