[e2e] peer to peer, e2e, PKI authentication, trust chain discovery, management and capabilities exchange

[Jon Crowcroft]

there's loads of work in the research community on
how to do infrastructure free trust community building (e..g for p2p and manet)

recent PhDs at eurecom and imperial (can't recall the imperial college one
but pietro michiardi's work with refik molva on CORE  is worth a look

there are some breakthrouhs on how to bootstrap the systems (e.g. preventing sybil attacks undermining 
the usual reputation based strategic learning systems)

there are ideas kicking around for using social networks (based on recommendation but limiting damage to size of 
commuunity by degree distribution of acquaintances)...

i dont know what I would cite as state of the art, but its a lively area
the usual limits ondecentralised trust are how many witnesses you have to have to detect 
bad players - in overlay p2p this is well known but in MANETs or nets where you can triangulate on bad players from
multiple points, I think there's probably a much better bound 

an interesting feature of the p2p trust management systems is  that while they only give you statistical trust (and
some with do risk evaluation so you can use trust+risk to compute expected gain/loss like eBay etc),
when there is an infrastructure too, they are as good as you can get, but configuration free...so much more
deployable than traditional PKIs - of course, they have the problem that human understanding of risk is very poor
but hey, whats new ? 

i can't wait to see an article on 
how many unlikely bad things can you experience before breakfast:
the net effect from pier-to-peer, Phish _and_ spam? what a menu:-)