Cryptography Reference
In-Depth Information
Analysis and Summary
PGP utilizes a package of algorithms, in a general-purpose application, which
is operatingsystem and machine independent, embodyingonly a few simple
operations. It is freeware for individuals and of moderate cost to commercial
enterprises who enjoy vendor support. Moreover, the scheme is independent of
government control (although it has become Internet standard track RFC3156,
MIME security with OpenPGP, which we will study in the followingsection).
The trust model
used by PGP does
not include a PKI
specification, but
its web-of-trust
approach (see
page 238) does
provide a conve-
nient trust-use
mechanism for the
purpose of linking
trust with public
keys, as depicted
by our discussion
of public and
private-key rings
on pages 280-
285). This is a
particularly clever
and innovative
means of dealing
with one of the
principle weak-
nesses of PKC,
namely, the pro-
tection of public
keys from being
compromised.
In conclusion,
PGP embodies an
interwoven collec-
tion of protocols
(includingpublic-
key management) in an eJcient, yet secure manner to ensure authentication
and confidentiality of e-mail services, as well as file storage.
Figure 8.3: Phil Zimmermann in Red Square.
From
Computerworld Russia
.
Search WWH ::
Custom Search