The Problem with Ad-Hoc PKI


Lack of a global namespace prevents successful binding of names to keys

Names and identity aren't global to begin with!

Local names can be linked using well-defined identity / key binding protocols (e.g. SDSI / SPKI, Rivest-Shamir interlock protocol, PGP web-of-trust)

Their trust relationships can be defined by a formal calculus (e.g. Kohler and Maurer's proposed public-key certification calculus)

But such rigorous methods still depend on user discipline in practice!