Evaluating trust in a public key certification authority

With the growth of many different public key infrastructures on the Internet, relying parties have the difficult task of deciding whether the sender of digitally signed message is really who the public key certificate says they are. We have built an expert system that calculates the amount of trust, or trust quotient, that one can place in the name to public key binding in a certificate. The structure of the expert system is based on the CPS framework of Chokhani and Ford (RFC 2527), whilst the relative importance of the various factors that comprise the trust quotient, were determined by interviewing PKI experts from around the globe. This paper discusses the knowledge analysis strategy employed to collect this expert information and how we used it to develop the KBS. The analysis of the results of the interviews are also presented, and they can be summarised succinctly as "there are some factors concerning trust in a PKI which nearly all experts agree upon, and there are other factors in which there is very little agreement at all". The importance of identifying contextual factors when building a knowledge base is very important. In many cases, a disagreement between experts, as shown by a bimodal split in importance, was traced to differences in context and we show how this can be a source of new knowledge.