PGP has the same difficulty as other public key systems: how to
distribute keys in such a way as to avoid a successful
"man-in-the-middle" attack. In commercial RSA-based products (such
as SSL for Web-based E-Commerce) the solution is commercial
Certificate Authorities. PGP adopts a more "low-tech" (but highly
effective) approach called a Web of Trust.
PGP implements certificates, exactly analogous to the X.509
certificates discussed earlier -- in fact, PGP can use X.509
certificates. The PGP certificate extends to allowing
multiple signatures, which allows several people
to independently attest that the certificate is genuine. In the PKI
slide, earlier, the trust model
was hierarchic. In PGP it is
cumulative -- a certificate gains authority as
more people sign it. A signer for a certificate becomes an
introducer for that certificate. For example, if
you trust me, and I appear as an
introducer of a new certificate, then you will tend to trust the
certificate as well -- as in: "I trust him, and he trusts the other
guy, so I guess I trust the other guy as well..." Trust becomes
transitive.
In the early days of PGP, an initial Web of Trust was established
by holding PGP signing parties, where people would
identify themselves to others, and then sign their certificates.
PGP also has the notion of complete trust and
marginal trust, in addition to untrusted
certificates.
More Information
The links in the body of this lecture were primary sources. The
following might also be useful: