论文信息 - A New Approach to PGP's Web of Trust

A New Approach to PGP's Web of Trust

Trust and authenticity networks are possible solutions for the key authenticity problem in a decentralized public-key infrastructure. A particular trust model, the so-called Web of Trust, has been proposed for and is implemented in the popular e-mail encryption software PGP and its open source derivatives like GnuPG. In this paper, we investigate the drawbacks and weaknesses of the current PGP trust model, and we propose a new approach to handle trust and key validity in a more sophisticated way. A prototype of our solution has been implemented and tested with a recent GnuPG release.

Rolf Haenni | Jacek Jonczy

[1] Rolf Haenni,et al. Credential Networks: a General Model for Distributed Trust and Authenticity Management , 2005, PST.

[2] Philip R. Zimmermann,et al. The official PGP user's guide , 1996 .

[3] Wendy J. Myrvold,et al. Generic Reliability Trust Model , 2005, PST.

[4] Alice Bob,et al. The PGP Trust Model , 2005 .

[5] Ueli Maurer,et al. Confidence Valuation in a Public-Key Infrastructure Based on Uncertain Evidence , 2000, Public Key Cryptography.

[6] Rolf Haenni,et al. Towards a precise semantics for authenticity and trust , 2006, PST.

[7] Rolf Haenni,et al. A Probabilistic Trust Model for GnuPG , 2006 .

[8] Charles J. Colbourn,et al. The Combinatorics of Network Reliability , 1987 .

[9] William Stallings,et al. Cryptography and Network Security: Principles and Practice , 1998 .

[10] Charles J. Colbourn,et al. Chapter 11 Network reliability , 1995 .

[11] William Stallings,et al. Protect your privacy: a guide for PGP users , 1995 .

[12] Rolf Haenni. Using probabilistic argumentation for key validation in public-key cryptography , 2005, Int. J. Approx. Reason..

[13] Ueli Maurer,et al. Modelling a Public-Key Infrastructure , 1996, ESORICS.