Caught in the Web of Trust

0 Conversations


An unintended consequence exists for users of public-key cryptography who rely on the Web of Trust to validate the public keys they use; it could expose them to personal risk. Divided into two sections, this article first introduces the concepts of public-key cryptography for those readers who are unfamiliar with the technology; second, it describes the unintended consequence of using the Web of Trust.

Introduction


Public-key cryptography is a practical method for secure exchange of information using an asymmetric cypher. An asymmetric cypher is one in which a sender uses the recipient’s public key to encrypt the message, which can only be decrypted using the recipient’s secret key. Public keys are usually stored on a key-server1 where they remain available for anyone to use.


A weakness in this ready availability of public keys is that a sender cannot be sure that the public key being used to encrypt a message is really associated with the person purported to be the recipient. It could be a spoof public-key to get the sender to send messages intended for a friend redirected to an enemy. To eliminate this weakness, it is necessary for the sender to validate the recipient’s key by comparing the fingerprint of the key received from the keyserver with the recipient’s original. Secure validation is usually done by comparing fingerprints via telephone or in person. As a procedure this is good between friends, but becomes impractical for a wider circle of correspondents, especially when correspondents have never met in person. It is this wider problem of public key validation that public key cryptography mitigates with a mechanism commonly known as the Web of Trust.


If Alice trusts Blake to properly validate keys that he signs, then Alice can infer that Chloe’s and Dharma’s keys are valid without having to personally check them. She simply uses her validated copy of Blake’s public key to check that Blake’s signatures on Chloe’s and Dharma’s are good. In general, assuming that Alice fully trusts everybody to properly validate keys they sign, then any key signed by a valid key is also considered valid. The root is Alice’s key, which is axiomatically assumed to be valid. [Gnu Privacy Handbook, Chapter-3]


The Gnu Privacy Handbook contains a detailed discussion of this concept; for a copy, see the Guides section of the GnuPG web-site at www.gnupg.org.

Guilt by Association


Since the Web of Trust becomes part of the public keys in the public-key database, readily available to anyone with access to the key-server, it promotes guilt by association. By subjecting the Web of Trust to analysis to discover who trusts whom, it is possible to create a list of suspects that can be taken up for questioning by the State Police,


As an innocent party who has in good faith validated a series of keys, you could be caught in the Web of Trust, arrested on suspicion of criminal activity if your trusting nature has become associated with a public key holder found to be guilty of a crime.


It is not a new problem, but one that became familiar to medieval heretics who challenged the absolute authority of the Roman Catholic Church and the Pope. Spread of heresy is similar in nature to a scale-free network, in which many nodes connect to a few others, these few nodes having disproportionately large numbers of links. Dominican friar Bernard Gui discovered that the best way to suppress a network of heretics is to attack the connections instead of the nodes, that is, all those who have contact with the heretic; he did this by spying on who visited the suspect and who else was involved in traffic with the suspect. See Michael Brooks’s article Dangerous liaisons, New Scientist vol 179 issue 2408 - 16 August 2003, page 32.


Of course, ordinary analysis of message traffic will reveal links with a suspect, but the Web of Trust provides greater confidence because links in the Web are actively forged by individuals whereas message traffic can be broadcast by anyone related or unrelated to the suspect.


As a rule, it is best to be as inconspicuous as possible; therefore, it is best to avoid using the Web of Trust. Paranoid persons should shun the use of key-servers altogether.

1Key-server: And easy way to access the public key-server network around the world is to send an email message to pgp-public-keys[at]2keys.pgp.net with the word help in the subject-line. A text help file will be returned in an automated reply from the key-server, as an attachment to the reply message.2[at]: Replace these characters with the @-symbol. A precaution against email address harvesters.

Bookmark on your Personal Space


Conversations About This Entry

There are no Conversations for this Entry

Entry

A2938728

Infinite Improbability Drive

Infinite Improbability Drive

Read a random Edited Entry


Written and Edited by

References

External Links

Not Panicking Ltd is not responsible for the content of external internet sites

Disclaimer

h2g2 is created by h2g2's users, who are members of the public. The views expressed are theirs and unless specifically stated are not those of the Not Panicking Ltd. Unlike Edited Entries, Entries have not been checked by an Editor. If you consider any Entry to be in breach of the site's House Rules, please register a complaint. For any other comments, please visit the Feedback page.

Write an Entry

"The Hitchhiker's Guide to the Galaxy is a wholly remarkable book. It has been compiled and recompiled many times and under many different editorships. It contains contributions from countless numbers of travellers and researchers."

Write an entry
Read more