Collaborate Disseminate
When signing a key X in the PGP Web of Trust model, I assign the key full validity. Other people who have my key in their key ring can regard X as valid as far as they fully trust me (owner trust).
This mechanism only works if people kno… Continue reading Are PGP/GnuPG trust information transferred to key servers?
One thing that I found out when starting using PGP:
When I uploaded my keys to the SKS keyserver, the keyserver did not take any action to verify that I am who I claim to be.
Since a PGP key contains a email adress, at least… Continue reading Why don’t PGP keyservers enforce double-opt-in?
The web of trust is a graph where the vertices are GPG users (actually, their keys) and the edges are cross-signatures. If we put issues of owner trust aside and assume that all participants only sign after checking the key f… Continue reading Is an anonymity network like Tor viable on top of the GPG web of trust?
I love the idea of decentralized trust, the web of trust, and the fact that anyone can run their own keyserver and isn’t beholden to a centralized point of failure. But does the decentralized “feature” of the web of trust and… Continue reading Is the PGP Web of Trust / Keyserver infrastructure permanently broken?
This question already has an answer here:
What is the web of trust?
3 answers
I’m studying network and system security an… Continue reading What is "web of trust" in PGP and S-MIME? [duplicate]