International Association
for Cryptologic Research

The steadily growing number of certication authorities (CAs)

assigned to the Web Public Key Infrastructure (Web PKI) and trusted

by current browsers imposes severe security issues. Apart from being

impossible for relying entities to assess whom they actually trust, the

current binary trust model implemented with the Web PKI makes each

CA a single point of failure. In this paper, we present the concept of

trust views to manage variable trust levels for exactly those CAs actually

required by a relying entity. This reduces the set of trusted CAs

and minimizes the risk to rely on malicious certicates issued due to CA

failures or compromises.