Would I trust you, if everyone else trusted you?

For some time now, I have been toying with the idea of doing away of PKI.  **gasp**

Ok... ok... not all PKI.  In the end, some sort of method for establishing trust is needed.  So, I guess the source of my frustration is with the publicly trusted CAs and the associated aspect of purchased trust.  In my opinion, there really has to be a better way for determining what and who is trusted.

After all, who decided to trust the CAs in my Trusted Root CA list anyhow?  Was it decided via a money transaction, a corporate lawyer, a forum flame war, a government treaty, or a bunch of power hungry open source developers?  Most of those seem a little fishy, if you get my drift.  Better yet, should I trust all of the certificates that were signed by a trusted CA?  I'm going to bet at some point in time an evil guy purchased a "trusted" certificate.  If he was smart he would have paid the extra bucks for an EV certificate.  Then I might just give him my credit-card number because my browser was green.

Anyhow... with these thoughts in the back of my mind, I have been pondering for many months about solutions to this mess.  One such solution was to drive trust via mob mentality, better known as Social Trust.  Heck, I figured the mobs had been so good at telling me what news to read.  Why not tell me who should be trusted and who should not be trusted.

Naturally, I started looking for people working on this... Oddly... I did not find very much going on, other than two odd ball sites named Jyte and FilmTrust.  Both of these web masterpieces (and say that with respect as the underlying ideas are really good) head in the direction that I want... but, they are more novelty then a trust framework I want to hand down to my kids.

Is anyone game for developing this further?

If you like this, check out some other posts from Tyson:

Or if you want, you can also check out some of Tyson's latest publications:

Lastly, visit the Microsoft Subnet for more news, blogs, and opinions from around the Internet.  Or, sign up for the bi-weekly Microsoft newsletter(Click on News/Microsoft News Alert)

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2009 IDG Communications, Inc.

IT Salary Survey: The results are in