![]() |
|||
![]()
|
![]() |
![]() Click Here! |
![]() |
Signature Trust and Key Legitimacy Periodically, PGP processes the public-key ring to achieve consistency. In essence, this is a top-down process. For each OWNERTRUST field, PGP scans the ring for all signatures authored by that owner and updates the SIGTRUST field to equal the OWNERTRUST field. This process starts with keys for which there is ultimate trust. Then, all KEYLEGIT fields are computed on the basis of the attached signatures. Exhibit 8-7-7 provides an example of the way in which signature trust and key legitimacy are related. The exhibit shows the structure of a public-key ring. The user has acquired a number of public keys, some directly from their owners and some from a third party such as a key server.
The node labeled You refers to the entry in the public-key ring corresponding to this user. This key is valid and the OWNERTRUST value is ultimate trust. Each other node in the key ring has an OWNERTRUST value of undefined unless some other value is assigned by the user. In this example, the user has specified that it always trusts users D, E, F, and L to sign other keys. This user also partially trusts users A and B to sign other keys. The shading, or lack thereof, of the nodes in Exhibit 8-7-7 indicates the level of trust assigned by this user. The tree structure indicates which keys have been signed by which other users. If a key is signed by a user whose key is also in this key ring, the arrow joins the signed key to the signer. If the key is signed by a user whose key is not present in this key ring, the arrow joins the signed key to a question mark, indicating that the signer is unknown to the user. Exhibit 8-7-7 illustrates that all keys whose owners are fully or partially trusted by the user have been signed by this user, with the exception of node L. Such a user signature is not always necessary, as the presence of node L indicates, but in practice most users are likely to sign the keys for most owners that they trust. So, for example, even though Es key is already signed by trusted introducer F, the user chose to sign Es key directly. It can be assumed that two partially trusted signatures are sufficient to certify a key. Hence, the key for user H is deemed valid by PGP because it is signed by A and B, both of whom are partially trusted. A key may be determined to be valid because it is signed by one fully trusted or two partially trusted signers, but its user may not be trusted to sign other keys. For example, Ns key is valid because it is signed by E, whom this user trusts, but N is not trusted to sign other keys because this user has not assigned N that trust value. Therefore, although Rs key is signed by N, PGP does not consider Rs key valid. This situation makes perfect sense. If a user wants to send a secret message to an individual, it is not necessary that the user trust that individual in any respect. It is only necessary to ensure use of the correct public key for that individual. Exhibit 8-7-7 also shows a detached orphan node S, with two unknown signatures. Such a key may have been acquired from a key server. PGP cannot assume that this key is valid simply because it came from a reputable server. The user must declare the key valid by signing it or by telling PGP that it is willing to fully trust one of the keys signers. It is the PGP web of trust that makes it practical as a universal E-mail security utility. Any group, however informal and however dispersed, can build up the web of trust needed for secure communications. SUMMARY PGP is already widely used. PGP has become essential to those struggling for freedom in former Communist countries. Ordinary people throughout the world are active participants in the alt.security.PGP USENET newsgroup. Because PGP fills a widespread need, and because there is no reasonable alternative, its future is secure. One of the best lists of locations for obtaining PGP, with the file name getpgp.asc, is maintained at two file transfer protocol sites on the Internet: ftp.csn.net/mpj and ftp.netcom.com/pub/mp/mpj.
|
![]() |
|
Use of this site is subject certain Terms & Conditions. Copyright (c) 1996-1999 EarthWeb, Inc.. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of EarthWeb is prohibited. Please read our privacy policy for details. |