Here are some references to the material on reputations I mentioned before. ftp://prospero.isi.edu/pub/papers/security/insurance-cccs94.ps * Charlie Lai, Gennady Medvinsky, and B. Clifford Neuman. Endorsements, Licensing, and Insurance for Distributed System Services, In Proceedings of 2nd the ACM Conference on Computer and Communication Security November 1994. This discusses some concepts related to extending trust relationships through a network. ftp://research.att.com/dist/mab/policymaker.ps "Decentralized Trust Management" by Matt Blaze et al This suggests a formal way of specifying trust relationships among keys. In effect you have little programs that get activated by certain keys, or by certain signatures. It is a very flexible methodology which could be adapted to many ways of specifying trust relationships. http://theory.lcs.mit.edu/~rivest/sdsi.ps (or .tex) "Simple Distributed Security Infrastructure" by Ron Rivest and Butler Lampson This is a key certificate structure which is somewhere between a hierarchical and a web of trust system, somewhat influenced by Blaze's ideas. It is pretty limited though in the kinds of trust delegation it allows. You can accept another person's signatures on specific keys but you can't mark him as a generally-accepted signer. However you can develop chains of signatures as in PGP and perhaps some extra mechanism could be used to decide when to trust them. Hal