PGP: Pretty Good Privacy
Designed for secure transfer of e-mails with off-line or out-of-band key distribution.
PKI2001(TIFR,Mumbai)
Introduction
• PGP users maintain their own list of public keys, called a keyring.
• PGP allows users to exchange keyrings.
• Each user fully trusts the others they meet outside of the Internet.
One Simple Example
[Figure: Alice, Bob, Chris and Elvis and the exchanges between them]
Web Of Trust
• By Bob-Chris, Bob and Chris exchanged their keyrings, and they fully trust each other.
• But what about Chris-Elvis, when "Elvis" is an impersonator of the real Elvis?
• This means Chris has been fooled, and ultimately Bob and Alice too, since Alice-Bob.
Individual Trust Policy
• PGP allows the user to assign one of the following four attributes when adding a new key to the keyring:
  • Completely trusted
  • Marginally trusted
  • Untrusted
  • Unknown
• The attribute attached to each key helps the keyring owner decide how much trust to put in that key.
• The keyring owner can tune PGP's criteria for accepting a key.
• For example, one can tell PGP to accept a key if it has been signed by
  • 2 completely trusted keys, or
  • at least 3 marginally trusted keys, or
  • 1 completely and 2 marginally trusted keys, etc.
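The acceptance rule above can be written as a small check. This is an added example, not part of the original slides and not PGP's own code. It assumes a weighted-sum reading of the rule (a completely trusted signer counts 1/2, a marginally trusted one 1/3), and every name other than Alice, Bob, Chris and Elvis is constructed.

```python
from fractions import Fraction

# The four attributes a keyring owner can assign (from the slide).
COMPLETE, MARGINAL, UNTRUSTED, UNKNOWN = "complete", "marginal", "untrusted", "unknown"


class TrustPolicy:
    """Accept a key once its trusted signatures add up to one full 'vote'.

    Assumption: a complete signer counts 1/completes_needed and a marginal
    signer 1/marginals_needed, so mixed cases such as 1 complete + 2 marginal
    (1/2 + 2/3 >= 1) pass, as the slide's example says.
    """

    def __init__(self, completes_needed=2, marginals_needed=3):
        self.weights = {
            COMPLETE: Fraction(1, completes_needed),
            MARGINAL: Fraction(1, marginals_needed),
            UNTRUSTED: Fraction(0),
            UNKNOWN: Fraction(0),
        }

    def score(self, signers, keyring):
        # Each signer counts once; signers absent from the keyring are UNKNOWN.
        return sum((self.weights[keyring.get(s, UNKNOWN)] for s in set(signers)),
                   Fraction(0))

    def accepts(self, signers, keyring):
        return self.score(signers, keyring) >= 1


# Constructed keyring for Alice: signer -> attribute she assigned.
ALICE_KEYRING = {
    "Bob": COMPLETE, "Chris": COMPLETE,
    "Dave": MARGINAL, "Erin": MARGINAL, "Frank": MARGINAL,
    "Mallory": UNTRUSTED,
}

if __name__ == "__main__":
    strict, lax = TrustPolicy(2, 3), TrustPolicy(completes_needed=1)
    cases = {
        "2 complete": ["Bob", "Chris"],
        "3 marginal": ["Dave", "Erin", "Frank"],
        "1 complete + 2 marginal": ["Bob", "Dave", "Erin"],
        "1 complete + 1 marginal": ["Bob", "Dave"],
        "fake Elvis, signed by Chris only": ["Chris"],
        "untrusted + unknown signers": ["Mallory", "Zed"],
    }
    for label, signers in cases.items():
        print(f"{label:34} strict={strict.accepts(signers, ALICE_KEYRING)!s:5} "
              f"lax={lax.accepts(signers, ALICE_KEYRING)}")
```

With the stricter setting, a key vouched for only by the fooled Chris is not accepted on Alice's keyring; with `completes_needed=1` a single mistaken introducer is enough.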
Conclusion
A cliché: "In God we trust, all others pay cash."
PGP does have very strong security if the keyring owners have very strictly checked the trust relations between the users contained in the keyring, but in the end it is a matter of trust. If a single user cheats another who puts full faith in him, the whole web faces a serious security threat. So it is useful for a small domain of trusted users.