Trust Processing

By: Jesse Miller

Although PGP does not include any specification for establishing certifying authorities or for establishing trust, it does provide a convenient means of using trust, associating trust with public keys, and exploiting trust information.

The basic structure is as follows. Each entry in the public key ring is a public key certificate as described in the preceding subsection. Associated with each such entry is a key legitimacy field that indicates the extent to which PGP will trust that this is a valid public key for this user.

The higher the level of trust the stronger is the binding of this user ID to this key. This field is computed by PGP. Also associated with the entry are zero or more signatures that the key ring owner has collected that sign this certificate.

In turn, each signature has associated with it a signature trust field that indicates the degree to which this PGP user trusts the signer to certify public keys. The key legitimacy field is derived from the collection of signature trust fields in the entry. Finally, each entry defines a public key associated with a particular owner and an owner trust field is included that indicates the degree to which this public key is trusted to sign other public key certificates.

This level of trust is assigned by the user. Signature fields can be viewed cached copies of the owner trust field from another entry.

The three fields mentioned contain a structure referred to as trust flag byte. The content of this trust flag for each of these three uses is described as follows. The operation of the trust processing is as follows. When A inserts a new public key on the public key ring, PGP must assign a value to the trust flag that is associated with the owner of this public key. If the owner is A, and therefore this public key also appears in the private key ring, then a value of ultimate trust is automatically assigned to the trust field.

Otherwise, PGP asks A for assessment of the trust to be assigned to the owner of this key, and A must enter the desired level. The user can specify that this owner is unknown, untrusted, marginally trusted, or completely trusted.

Quick Note: Taking the Nonsense out of looking for the right spyware remover

If you really want to take the work out of looking for that right Spyware Protection from a go to the Internet and get a or a Free
Download, In order to prevent your vital information from being ripped from your computer get your Remover Today.

When the new public key is entered, one or more signatures may be attached to it. More signatures may be added later. PGP processes the public key ring to achieve consistency.

Computers
 • 
 • 
 • 
 • 
 • 
 • 
 • 
 • 
 • 
 • 
 • 
 • 
 • 
 • 
 • 
 • 
 • 
 • 
 • 
 • 

» More on Computers