To Learn More or Register: LinuxCon North America | CloudOpen North America
Back To Schedule
Friday, August 22 • 2:45pm - 3:35pm
PGP Web of Trust: How Does it Work? - Konstantin Ryabitsev, The Linux Foundation

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

All Public Key Cryptography (PKI) implementations rely on trust. Before Alice sends a secret message to Bob, she must trust that the public key she is about to use actually belongs to Bob, and not to Eve. PKI implementations such as x.509, which is the standard behind SSL, TLS and S/MIME, rely on centralized Certification Authorities (CAs), who issue digital certificates stating that Bob's key actually belongs to Bob. Putting all our trust in CAs has important flaws (hackers, governments,and frequently both), which is why another PKI implementation, OpenPGP, chooses to rely instead on a "Web of Trust," where each user builds up their own trust relationships from the ground up and therefore does not rely on any central authorities. This talk will shed a light on how the OpenPGP web of trust works, covering such topics as: the distinction of key trust from key validity; the difference between ultimately, fully, and marginally trusted keys; the importance of revocation certificates; the usefulness of delegated trust in larger organizations. Basic knowledge of public key cryptography is required.

Survey this Session   

avatar for Konstantin Ryabitsev

Konstantin Ryabitsev

Director, IT Projects, The Linux Foundation
Konstantin has been part of the IT management team behind kernel.org for the past 10 years. Part of his duties has been to help improve maintainer tooling and the end-to-end security of the development workflow behind the Linux kernel.

Friday August 22, 2014 2:45pm - 3:35pm CDT
Sheraton Ballroom I

Attendees (0)