16 research outputs found
A New Approach to PGP’s Web of Trust
Abstract. Trust and authenticity networks are possible solutions for the key authenticity problem in a decentralized public-key infrastructure. A particular trust model, the so-called Web of Trust, has been proposed for and is implemented in the popular e-mail encryption software PGP and its open source derivatives like GnuPG. In this paper, we investigate the drawbacks and weaknesses of the current PGP trust model, and we propose a new approach to handle trust and key validity in a more sophisticated way. A prototype of our solution has been implemented and tested with a recent GnuPG release.
Credential networks: a general model for distributed trust and authenticity management
In large open networks, handling trust and authenticity adequately is an important prerequisite for security. In a distributed approach, all network users are allowed to issue various types of credentials, e.g. certificates, recommendations, revocations, ratings, etc. This paper proposes such a distributed approach, in which the evaluation of trust and authenticity is based on so-called credential networks. The corresponding formal model includes many existing trust models as special cases.