VernonNemitz's Journal: Web of Trust

Think about the number of different sites you typically visit, and the number of sites where you joined to become someone who could post some sort of content. You've probably used different passwords at those sites, which means that, in general, you are the only person who is able to access your accounts at all those sites. Now suppose you fired up a "Pretty Good Privacy" program like "GnuPG", and created a Private Key (that you keep secret) and a Public Key that you post at multiple web sites. Since this would be the same data at each site, and it is assumed that only you can access your accounts at all those sites, it logically follows that there is a high probability that no hacker has posted a Public Key while pretending to be you. You have basically used the Internet to create a Web of Trust that authenticates you! Think about that in terms of SSL Certificates and Certificate Authorities --they charge big bucks to verify that you are you, so that the SSL Certificate you get from them can be trusted by others. But instead of that, you could create a "self-signed" certificate, and associate it with a "digital signature", which you also post at multiple web sites. Again, when the same data is at multiple places that only you can modify (and when the data includes a list of those places), it follows that others can trust that your self-signed certificate is practically as good/valid as one issued by a Certificate Authority.