|
1
|
|
|
2
|
|
|
3
|
|
|
4
|
|
|
5
|
|
|
6
|
|
|
7
|
|
|
8
|
|
|
9
|
- Correct message
- B®E: I have a path to G as
<B, A, G>
- Malicious message
- D masquerades as B to E and says
- B®E: I have a better path to
G as <C, F, G>
- If D is believed E will never be
able to send messages to G.
- Proposed solution – Have routing information digitally signed by B’s
private key
|
|
10
|
|
|
11
|
|
|
12
|
|
|
13
|
|
|
14
|
- PKI requires complete trust in one root authority.
- No globally defined single trusted root.
- Practically impossible to setup one (at least in the foreseeable
future)
- Why should I trust X completely?
- Problem of certificate revocation
- It may not always be possible to validate a certificate chain all the
way to the root (assuming one) because of network reachability issues
|
|
15
|
- Easier to establish different degrees of trust
|
|
16
|
|
|
17
|
- A new model of trust that provides different degrees of trust and
defines ways to compute trust values, compare trust values and compose
trust values
|
Notes
