Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
User Journal

Journal VernonNemitz's Journal: Web of Trust

Think about the number of different sites you typically visit, and the number of sites where you joined to become someone who could post some sort of content. You've probably used different passwords at those sites, which means that, in general, you are the only person who is able to access your accounts at all those sites. Now suppose you fired up a "Pretty Good Privacy" program like "GnuPG", and created a Private Key (that you keep secret) and a Public Key that you post at multiple web sites. Since this would be the same data at each site, and it is assumed that only you can access your accounts at all those sites, it logically follows that there is a high probability that no hacker has posted a Public Key while pretending to be you. You have basically used the Internet to create a Web of Trust that authenticates you! Think about that in terms of SSL Certificates and Certificate Authorities --they charge big bucks to verify that you are you, so that the SSL Certificate you get from them can be trusted by others. But instead of that, you could create a "self-signed" certificate, and associate it with a "digital signature", which you also post at multiple web sites. Again, when the same data is at multiple places that only you can modify (and when the data includes a list of those places), it follows that others can trust that your self-signed certificate is practically as good/valid as one issued by a Certificate Authority.

This discussion has been archived. No new comments can be posted.

Web of Trust

Comments Filter:

As in certain cults it is possible to kill a process if you know its true name. -- Ken Thompson and Dennis M. Ritchie

Working...