Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Public key infrastructure
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
=== Web of trust === {{Main|Web of trust}} An alternative approach to the problem of public authentication of public key information is the web-of-trust scheme, which uses self-signed [[public key certificate|certificate]]s and third-party attestations of those certificates. The singular term "web of trust" does not imply the existence of a single web of trust, or common point of trust, but rather one of any number of potentially disjoint "webs of trust". Examples of implementations of this approach are [[Pretty Good Privacy|PGP]] (Pretty Good Privacy) and [[GnuPG]] (an implementation of [[OpenPGP]], the standardized specification of PGP). Because PGP and implementations allow the use of [[e-mail]] digital signatures for self-publication of public key information, it is relatively easy to implement one's own web of trust. One of the benefits of the web of trust, such as in [[Pretty Good Privacy|PGP]], is that it can interoperate with a PKI CA fully trusted by all parties in a domain (such as an internal CA in a company) that is willing to guarantee certificates, as a trusted introducer. If the "web of trust" is completely trusted then, because of the nature of a web of trust, trusting one certificate is granting trust to all the certificates in that web. A PKI is only as valuable as the standards and practices that control the issuance of certificates and including PGP or a personally instituted web of trust could significantly degrade the trustworthiness of that enterprise's or domain's implementation of PKI.<ref name="Overview">Ed Gerck, Overview of Certification Systems: x.509, CA, PGP and SKIP, in The Black Hat Briefings '99, http://www.securitytechnet.com/resource/rsc-center/presentation/black/vegas99/certover.pdf and http://mcwg.org/mcg-mirror/cert.htm {{Webarchive|url=https://web.archive.org/web/20080905230841/http://mcwg.org/mcg-mirror/cert.htm |date=2008-09-05 }}</ref> The web of trust concept was first put forth by PGP creator [[Phil Zimmermann]] in 1992 in the manual for PGP version 2.0: {{ quote | As time goes on, you will accumulate keys from other people that you may want to designate as trusted introducers. Everyone else will each choose their own trusted introducers. And everyone will gradually accumulate and distribute with their key a collection of certifying signatures from other people, with the expectation that anyone receiving it will trust at least one or two of the signatures. This will cause the emergence of a decentralized fault-tolerant web of confidence for all public keys. }}
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)