A proposal for the survival of the OpenPGP decentralized trust network

Wolf, Gunnar y Ortega Arjona, Jorge Luis (2022): A proposal for the survival of the OpenPGP decentralized trust network. In: GoodIT '22: Proceedings of the 2022 ACM Conference on Information Technology for Social Good. Association of Computing Machinery, New York, NY, United States, pp. 418-423. ISBN 978-1-4503-9284-6

Vista Previa

PDF - Versión Publicada Descargar (948kB)

Resumen

While the most common transitive trust model for identity validation in use over Internet is the heavily centralized Public Key Infrastructure with Certification Authorities (PKI-CA) model, it is also possible to make use of a fully decentralized model: the Web of Trust (WoT). The best known implementation of this model is OpenPGP, derived from the original PGP software, first released in 1991. In order to be useful for a geographically-dispersed group of people, the WoT requires a keyserver network for key lookup and discovery — in a fittingly decentralized way. However, during the last decade, several high profile vulnerabilities have surfaced for the keyserver network. These vulnerabilities are not on the software that implements it, but on its basic protocols and assumptions, which make them particularly hard to solve. As a consequence, the keyserver network has shrinked, and it is facing an existential crisis. This paper outlines a work in progress for solving such a situation, acknowledging the need to keep a decentralized solution for transitive trust model viable, and the proposal to do so by modifying the admission criteria for new key certificates.

Acciones (requiere ser usuario registrado)

Editar objeto