Cryptography Reference
In-Depth Information
become reality one day; see Section 5.9), preventing man-in-the-middle attacks
is probably the only security problem in the RSA method (see Section 4.5.3). It
is a matter of proving that Bob's public key is really Bob's and not Mallory's.
Using a hierarchy of certified key servers like in PEM/SMIME (see Section
7.2), where every user can fetch public keys, would have contradicted Zimmer-
mann's philosophy. His intention was to protect PGP from excessive govern-
mental access. So the entire security of the system was not to be concentrated
in a few points that could be audited by the authorities only.
Instead, Zimmermann invented the
Web of Trust
: every PGP user checks the
keys of other trustworthy users. The principle is relatively simple:
Alice creates a public key and has it digitally signed by friends and acquain-
tances. Together with these 'credentials', she passes it on. Now, when she adds
Bob's public key to her collection, her PGP will ask the following question:
do
you accept a certification of third-party public keys by Bob's signature?
Alice
can answer in either of the following ways:
1. Yes, always.
2. Sometimes.
3. No.
4. I don't know.
If Alice receives a third-party public key that was signed by one level-1 signa-
ture or two level-2 signatures, PGP will add it automatically as a trustworthy
key. Of course, she could also use non-certified keys, but PGP would warn her.
She could also change the levels of participants in either direction.
Alice can also check a public key directly. To this end, she creates a
fingerprint
of the public key received in PGP. This is the MD5 hash sum of the key, written
as a readable sequence of 16 hexadecimal numbers, for example:
24 38 1A 58 46 AD CC 2D AB C9 E0 F1 C7 3C 67 EC
(This example represents the electronic fingerprint of Phil Zimmermann.) Alice
calls the key's owner, Carol, and has her read the fingerprint she computed. If
things match, there is no doubt — assuming that MD5 is secure: unfortunately,
we saw in Section 6.3.1 that one can actually construct public-key pairs with
