display | more...

The "Web of Trust" model is the most interesting thing about PGP, because this is where PGP differs dramatically from S/MIME.


  • PGP has no concept of a Certificate Authority: anyone may PGP Signature a certificate, and a certificate
    may be signed by many people.
  • Each PGP Key is assigned a level of validity: "undefined", "marginal" or "complete"
  • A user may validate a key directly by comparing the key "fingerprint" e.g.
    over the phone.
  • Each person (or more formally, their key) is assigned a level of "trust
    to introduce
    " -- this is how much the PGP user trusts the owner of this key to be an "introducer" to another public key certificate. "Full", "M
    arginal", "Untrustworthy", "Don't Know"
  • A certificate may be signed by any number of keys. It is up to the user to configure how many signatures from "full"y trustworthy keys, and how
    many from "marginal"ly trustworthy keys are required before she accepts
    that the certificate is valid (or marginally valid).
  • So, I might decide that Gary and Steve are marginally trustworthy enough
    to sign a certificate, but that Andy can be fully trusted. If I get a
    new certificate which claims to be Jon's, I might decide to trust it
    if it is signed by Andy, or if it signed by both Steve and Gary.
  • User may choose a CERT_DEPTH parameter, which configures how many "degrees
    of seperation
    " may exist between a trusted introducer and a new key such
    that it may be trusted. If CERT_DEPTH is 0, all keys have to be validated
    directly by the user.

  • "CA"s now exist, i.e. organisations who expect to be used as trusted signers.