Breaking Down the Web of Trust

Presented at HOPE Number Six (2006), July 22, 2006, 8 p.m. (60 minutes).

The web of trust, best known for its use in PGP, is now used in a number of other applications and is established as a good method for doing non-centralized PKI. But how good is it? How does one define a metric for trusting a trust metric? We have key signing parties and extensive tutorials on good trust policies, but a lot of people still don't understand the basic concept of "trust," especially when it is superimposed on the world of graph theory.

Seth will take a look at the web of trust as it is currently used, including statistics on the PGP WoT and what that means in practical terms. And from there on, it's all about trust, including the trust metrics involved (and why they could be a lot better) and the current "correct" practices for establishing trust (and why they could be a lot better). To finish, Seth will talk about some of the many bad trust policies that have managed to become mainstream and commonly accepted, even by many self-described "computer security professionals."


Presenters:

  • Seth Hardy
    Seth Hardy stopped liking to write self-promoting blurbs a long time ago. In fact, he may never have liked it to begin with. He acknowledges that there's already far too much information about him on the intarweb and encourages people to do their own research if they're interested.
