Add note on transitive trust to Trust Model section. Fix #252.

msporny · msporny · commit 4b204e350f3f · 2018-11-25T17:25:46.000-05:00
diff --git a/index.html b/index.html
@@ -681,6 +681,19 @@ <h1>Trust Model</h1>
 with various threat models studied by the Working Group are urged to read
 the Verifiable Credentials Use Cases Document [[VC-USECASES]].
       </p>
+
+<p class="note">
+Experts may recognize that the data model detailed in this specification
+does not imply a transitive trust model, such as that provided by more
+traditional Certificate Authority trust models. In the Verifiable Credentials
+Data Model, a <a>verifier</a> either directly trusts an <a>issuer</a> or it
+does not trust the issuer. While it is possible to build transitive trust
+models using the Verifiable Credentials Data Model, implementers are urged
+to
+<a href="https://tools.ietf.org/html/draft-housley-web-pki-problems">learn about the security weaknesses</a>
+introduced by broadly delegating trust in the manner adopted by
+Certificate Authority systems.
+      </p>
     </section>
 
     <section>
