
I'm studying network and system security and I came across the phrase Web of Trust:

In cryptography, a web of trust is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and its owner. Its decentralized trust model is an alternative to the centralized trust model of a public key infrastructure (PKI), which relies exclusively on a certificate authority (or a hierarchy of such). As with computer networks, there are many independent webs of trust, and any user (through their identity certificate) can be a part of, and a link between, multiple webs.

I want a clearer definition and some examples if possible.

schroeder
Amanuel Nega
    What research have you done? We expect you to do some research before asking. There's lots of material on this subject in standard places (e.g., the Internet, Wikipedia, crypto textbooks). – D.W. Jun 18 '14 at 21:45

1 Answer


You trust A and A tells you that K is the key of B. Therefore, you believe that K is the key of B. Of course, this can be extended to indirect chains. For example, if you trust the judgement of A, you can specify that you also trust anyone that A trusts.

PGP users sometimes also have key signing events. The idea is that you show up and prove your credentials to other people at the event, who will then sign your key. This now means that whoever trusts someone at the event who signed your key can check the signature of your key made at the event and thus verify that the key they found online actually is your key.

These trust relationships form a network and this is your "Web of Trust".
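The chain rule in the answer above ("you trust A, A vouches for B") is what OpenPGP implementations turn into a key-validity computation. The following is an added example, not code from the question or answer: it models a small web of trust with constructed data and applies the classic PGP defaults, under which a key binding counts as valid once it is certified by one fully trusted valid key or by two marginally trusted valid keys. The certifications are recorded endorsements rather than real signatures, so this shows the trust logic only, not signature verification; the names `compute_valid_keys`, `CERTS` and `TRUST` are my own.

```python
from typing import Dict, Set

# Constructed sample data: signer key id -> key ids whose owner binding it certified
CERTS: Dict[str, Set[str]] = {
    "ME": {"A", "C"},  # I checked A's and C's identities at a key-signing event
    "A": {"B"},        # A vouches that B's key really belongs to B
    "B": {"F"},
    "C": {"F", "D"},
    "E": {"D"},        # E is a stranger: nobody I trust has certified E's key
}

# Owner trust I assign to each key's judgement; keys absent here get no trust
TRUST: Dict[str, str] = {"ME": "ultimate", "A": "full", "B": "marginal", "C": "marginal"}


def compute_valid_keys(certs: Dict[str, Set[str]], trust: Dict[str, str], me: str,
                       full_needed: int = 1, marginal_needed: int = 2) -> Set[str]:
    """Return the key ids whose owner binding I can consider valid.

    Only certifications made by keys that are themselves valid count, and only
    if I assigned the signer some owner trust.  The loop runs to a fixed point,
    so chains of any length (ME -> A -> B -> F) are resolved automatically.
    """
    # Invert the certification map: key -> set of signers that vouched for it
    signers_of: Dict[str, Set[str]] = {}
    for signer, signed_keys in certs.items():
        for key in signed_keys:
            signers_of.setdefault(key, set()).add(signer)

    valid = {me}  # my own key is the trust anchor
    changed = True
    while changed:
        changed = False
        for key, signers in signers_of.items():
            if key in valid:
                continue
            usable = [s for s in signers if s in valid]
            full = sum(trust.get(s) in ("ultimate", "full") for s in usable)
            marginal = sum(trust.get(s) == "marginal" for s in usable)
            if full >= full_needed or marginal >= marginal_needed:
                valid.add(key)
                changed = True
    return valid


if __name__ == "__main__":
    print(sorted(compute_valid_keys(CERTS, TRUST, "ME")))  # D and E stay unverified
```

D's key is certified only by C (one marginal signer) and by E, whose own key nobody vouched for, so it never becomes valid; raising `marginal_needed` to 3 also drops F, which illustrates how the thresholds control how far trust is allowed to propagate.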