Web of Trust - Operation of A Web of Trust

Operation of A Web of Trust

All OpenPGP-compliant implementations include a certificate vetting scheme to assist with this; its operation has been termed a web of trust. OpenPGP identity certificates (which include public key(s) and owner information) can be digitally signed by other users who, by that act, endorse the association of that public key with the person or entity listed in the certificate. This is commonly done at key signing parties.

OpenPGP-compliant implementations also include a vote counting scheme which can be used to determine which public key – owner association a user will trust while using PGP. For instance, if three partially trusted endorsers have vouched for a certificate (and so its included public key – owner binding), OR if one fully trusted endorser has done so, the association between owner and public key in that certificate will be trusted to be correct. The parameters are user-adjustable (e.g., no partials at all, or perhaps 6 partials) and can be completely bypassed if desired.

The scheme is flexible, unlike most public key infrastructure designs, and leaves trust decision(s) in the hands of individual users. It is not perfect and requires both caution and intelligent supervision by users. Essentially all PKI designs are less flexible and require users to follow the trust endorsement of the PKI generated, certificate authority (CA)-signed, certificates. Intelligence is normally neither required nor allowed. These arrangements are not perfect either, and require both caution and care by users.

In simpler terms, you have 2 keys: a public key that you let the people you trust know; and a private key that only you know. Your public key will decrypt any information encrypted with your private key, and vice-versa. In the web of trust you have a key ring with a group of people's public keys.

You encrypt your information with the recipients public key, and only their private key will decrypt it. You then digitally sign the information with your private key, so when they verify it with your public key, they can confirm that it is you. Doing this will ensure that the information came from you and has not been tampered with, and only the person you are sending it to can read the information (because only they know their private key).

Read more about this topic:  Web Of Trust

Famous quotes containing the words operation of, operation, web and/or trust:

    You may read any quantity of books, and you may almost as ignorant as you were at starting, if you don’t have, at the back of your minds, the change for words in definite images which can only be acquired through the operation of your observing faculties on the phenomena of nature.
    Thomas Henry Huxley (1825–95)

    It requires a surgical operation to get a joke well into a Scotch understanding. The only idea of wit, or rather that inferior variety of the electric talent which prevails occasionally in the North, and which, under the name of “Wut,” is so infinitely distressing to people of good taste, is laughing immoderately at stated intervals.
    Sydney Smith (1771–1845)

    Ye whose clay-cold heads and luke-warm hearts can argue down or mask your passions—tell me, what trespass is it that man should have them?... If nature has so wove her web of kindness, that some threads of love and desire are entangled with the piece—must the whole web be rent in drawing them out?
    Laurence Sterne (1713–1768)

    We are all selfish & I no more trust myself than others with a good motive.
    George Gordon Noel Byron (1788–1824)