To Learn More or Register: LinuxCon North America | CloudOpen North America
Back To Schedule
Friday, August 22 • 2:45pm - 3:35pm
PGP Web of Trust: How Does it Work? - Konstantin Ryabitsev, The Linux Foundation

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

All Public Key Cryptography (PKI) implementations rely on trust. Before Alice sends a secret message to Bob, she must trust that the public key she is about to use actually belongs to Bob, and not to Eve. PKI implementations such as x.509, which is the standard behind SSL, TLS and S/MIME, rely on centralized Certification Authorities (CAs), who issue digital certificates stating that Bob's key actually belongs to Bob. Putting all our trust in CAs has important flaws (hackers, governments,and frequently both), which is why another PKI implementation, OpenPGP, chooses to rely instead on a "Web of Trust," where each user builds up their own trust relationships from the ground up and therefore does not rely on any central authorities. This talk will shed a light on how the OpenPGP web of trust works, covering such topics as: the distinction of key trust from key validity; the difference between ultimately, fully, and marginally trusted keys; the importance of revocation certificates; the usefulness of delegated trust in larger organizations. Basic knowledge of public key cryptography is required.

Survey this Session   

avatar for Konstantin Ryabitsev

Konstantin Ryabitsev

Director, IT Projects, The Linux Foundation
Long-time systems administrator responsible for infrastructure security at The Linux Foundation.

Friday August 22, 2014 2:45pm - 3:35pm
Sheraton Ballroom I

Attendees (0)