Web of Trust Problems
The OpenPGP web of trust is essentially unaffected by such things as company failures, and has continued to function with little change. However, a related problem does occur. Users, whether individuals or organizations, who lose track of a private key can no longer decrypt messages sent to them that were encrypted with the matching public key found in an OpenPGP certificate. Early PGP certificates did not include expiry dates, so those certificates had unlimited lives. Users had to prepare a signed revocation certificate in advance, against the day the matching private key was lost or compromised: a revocation can only be signed while the private key is still available, so the revocation certificate has to be generated at key-creation time and stored separately from the key itself. One very prominent cryptographer is still getting messages encrypted using a public key for which he long ago lost track of the private key (Ferguson 2003, p. 333). He can't do much with those messages except discard them after notifying the sender that they were unreadable and requesting resending with a public key for which he still has the matching private key. Later PGP versions, and all OpenPGP-compliant implementations, support expiry dates on certificates, which (eventually) preclude such troubles when used sensibly; expiry is optional, though, so a key generated without one still has an unlimited life. The problem can also be avoided by the use of "designated revokers", which later PGP versions and OpenPGP added: a key owner may designate a third party that has permission to revoke the key owner's key, in case the key owner loses his own private key and thus loses the ability to revoke his own public key.
A non-technical, social difficulty with a Web of Trust like the one built into PGP/OpenPGP-type systems is that every web of trust without a central controller (e.g., a CA) depends on other users for trust. Those with new certificates (i.e., produced in the process of generating a new key pair) will not likely be readily trusted by other users' systems, that is by users they have not personally met, until they find enough endorsements for the new certificate. This is because many other Web of Trust users will have their certificate vetting set to require one or more fully trusted endorsers of an otherwise unknown certificate (or perhaps several partial endorsers) before using the public key in that certificate to prepare messages, believe signatures, etc. GnuPG's defaults, for example, accept a key as valid only when it carries a signature from one fully trusted introducer or from three marginally trusted ones, and only through chains at most five certifications long.
Despite the wide use of OpenPGP-compliant systems and the easy availability of multiple on-line key servers, it is possible in practice to be unable to readily find someone (or several people) to endorse a new certificate (e.g., by comparing physical identification to key owner information and then digitally signing the new certificate). Users in remote or undeveloped areas, for instance, may find other users scarce. And, if the endorser's certificate is also new (with no or few endorsements from others), then its signature on any new certificate offers only marginal benefit toward becoming trusted by still other parties' systems, because a signature counts for a verifier only once the signing key is itself valid to that verifier; the new user is then still unable to securely exchange messages with those parties. Key signing parties are a relatively popular mechanism to resolve this problem of finding other users who can install one's certificate in existing webs of trust by endorsing it. Websites also exist to facilitate the location of other OpenPGP users to arrange keysignings. The Gossamer Spider Web of Trust also makes key verification easier by linking OpenPGP users via a hierarchical-style web of trust, where end users can benefit from coincidental or deliberate trust of someone who is endorsed as an introducer, or by explicitly trusting GSWoT's top-level key minimally as a level 2 introducer (the top-level key endorses level 1 introducers).
The possibility of finding chains of certificates is often justified by the "small world phenomenon": given two individuals, it is often possible to find a short chain of people between them such that each person in the chain knows the preceding and following links. However, such a chain is not necessarily useful: the person encrypting an email or verifying a signature not only has to find a chain of signatures from his own key to his correspondent's, but also has to trust each person in the chain to be honest and competent about signing keys (that is, he has to judge whether these people are likely to honestly follow the guidelines about verifying the identity of people before signing keys). This is a much stronger constraint. A short signature chain is therefore necessary but not sufficient; what makes the chain usable is the ownertrust the verifier has assigned to every intermediate introducer, and that assignment is the verifier's own local judgement, which no signature in the chain can transfer.
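The following is an added example, not code from the original article or from any OpenPGP implementation. It models the validity rule the preceding paragraphs describe (a certificate becomes valid only through endorsements from introducers who are both valid themselves and locally trusted) using GnuPG's default thresholds of one fully trusted or three marginally trusted introducers and a maximum chain depth of five. The key ids, the people and the certification graph are a constructed scenario, chosen to show three things at once: a new certificate is invalid until endorsed; a signature from an endorser whose own key is new and unendorsed adds nothing; and a short "small world" signature chain does not make a key valid unless every link in it has been assigned ownertrust.

```python
from collections import deque
from dataclasses import dataclass, field

# Ownertrust levels as the local user assigns them to a key's owner
UNKNOWN, NEVER, MARGINAL, FULL = "unknown", "never", "marginal", "full"


@dataclass
class Keyring:
    """Minimal model of the certification graph plus local ownertrust.

    Defaults follow GnuPG: one fully trusted introducer or three marginally
    trusted ones validate a key, and chains may be at most five steps long.
    """
    certifications: dict = field(default_factory=dict)  # key id -> set of signer key ids
    ownertrust: dict = field(default_factory=dict)      # key id -> ownertrust level
    completes_needed: int = 1
    marginals_needed: int = 3
    max_cert_depth: int = 5

    def add_key(self, key_id):
        self.certifications.setdefault(key_id, set())

    def certify(self, signer, subject):
        """Record that `signer` signed (endorsed) `subject`'s certificate."""
        self.add_key(signer)
        self.add_key(subject)
        self.certifications[subject].add(signer)

    def _trust(self, key, own_key):
        # Our own key carries ultimate trust, which behaves like full trust here
        return FULL if key == own_key else self.ownertrust.get(key, UNKNOWN)

    def compute_validity(self, own_key):
        """Return {key id: chain depth} for every key the local user may treat as valid.

        A key only counts as an introducer once it is itself valid AND its
        owner has been assigned ownertrust; a signature from a new, unendorsed
        key contributes nothing, whatever its owner's reputation.
        """
        valid = {own_key: 0}
        for depth in range(1, self.max_cert_depth + 1):
            newly = {}
            for key, signers in self.certifications.items():
                if key in valid:
                    continue
                introducers = [s for s in signers if s in valid]
                full = sum(1 for s in introducers if self._trust(s, own_key) == FULL)
                marginal = sum(1 for s in introducers if self._trust(s, own_key) == MARGINAL)
                if full >= self.completes_needed or marginal >= self.marginals_needed:
                    newly[key] = depth
            if not newly:
                break
            valid.update(newly)
        return valid

    def signature_chain(self, own_key, target):
        """Shortest chain of signatures, ignoring ownertrust: the 'small world' path."""
        prev = {own_key: None}
        queue = deque([own_key])
        while queue:
            key = queue.popleft()
            if key == target:
                path = []
                while key is not None:
                    path.append(key)
                    key = prev[key]
                return path[::-1]
            for subject, signers in self.certifications.items():
                if key in signers and subject not in prev:
                    prev[subject] = key
                    queue.append(subject)
        return None


def example_keyring():
    """Constructed scenario with made-up key ids (not real keys or people)."""
    kr = Keyring()
    for k in ("bob", "carol", "dave"):
        kr.certify("alice", k)          # Alice checked ID and signed these in person
    kr.ownertrust.update({"bob": FULL, "carol": MARGINAL, "dave": MARGINAL, "erin": MARGINAL})
    kr.certify("bob", "frank")          # Bob, fully trusted, vouches for Frank
    for k in ("carol", "dave", "erin"): # Grace collected three signatures...
        kr.certify(k, "grace")          # ...but Erin's own key is new and unendorsed
    kr.certify("frank", "heidi")        # a chain exists to Heidi, but Frank has no ownertrust
    return kr


if __name__ == "__main__":
    kr = example_keyring()
    print(kr.compute_validity("alice"))          # grace and heidi are absent
    print(kr.signature_chain("alice", "heidi"))  # a chain exists regardless of trust
    kr.certify("alice", "erin")                  # Erin gets endorsed: now her signature counts
    print("grace" in kr.compute_validity("alice"))
    kr.ownertrust["frank"] = FULL                # trusting each link makes the chain useful
    print("heidi" in kr.compute_validity("alice"))
```

The model deliberately keeps ownertrust non-transitive: Alice's full trust in Bob says nothing about whether Frank, whom Bob vouched for, is a careful signer, so Heidi stays invalid until Alice herself assigns Frank ownertrust. Real implementations add details omitted here (per-signature trust signatures, expiry and revocation, `never` trust cutting a chain), but the threshold logic is the part that produces the bootstrapping problem the text describes.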