InfoconDB

Presented at DEF CON 14 (2006), Aug. 6, 2006, 2 p.m. (50 minutes)

The web of trust, as used in PGP, is a well-known system for establishing trust between people, even if the people have not previously met. Why does it work so well in crypto? The answer is simple: it's the same system that we all use on a daily basis when dealing with friends, family, relationships, andjust about everyone else we have to interact with. On the crypto side, however, there are a number of restrictions that limit the effectiveness of this trust network. While many "security professionals" say that they are mandatory, the system seems to work just as well without them— are they completely arbitrary? Here we'll look at a couple of these restrictions, focusing on the technical aspects of identity verification, and evaluate their effectiveness through a couple of real-world experiments.

Presenters:

Seth Hardy
Seth Hardy stopped writing these self-promoting blurbs a long while ago. While he acknowledges there's far too much information about him on the internet already, he's been told that just saying this doesn't look too good standing by itself in a bio.So, here's some supporting facts: he's been involved in cryptography research, academically and professionally, for the last eight years. Some of these areas of research include elliptic curves, combinatorial cryptography, random number generation, and trust networks. He's presented his work at a number of conferences, including Black Hat, DEFCON and the CCC Congress.

Your Name, Your Shoe Size, Your Identity? What do we Trust in this Web?

Presenters:

Links:

Similar Presentations: