pgp (PowerPoint)

PGP Pretty Good Privacy

    Designed for secure transfer of
    e-mails with off-line or
    out-of-band key distribution.




  PKI2001(TIFR,Mumbai)
Introduction
   PGP users maintain their own list
    of public keys, called a keyring.
   PGP allows users to exchange
    keyrings.
   Each user fully trusts the others
    they meet outside of the Internet.


One Simple Example




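[Figure: keyrings of Alice, Bob, Chris and Elvis]

Owner    Keys on keyring
Alice    Alice, Bob
Bob      Bob, Chris
Chris    Chris, Bob, Elvis
Elvis    Elvis

After Bob <-> Chris: Elvis is added to Bob's keyring.
After Alice <-> Bob: Chris and Elvis are added to Alice's keyring.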


Web Of Trust
   By Bob <-> Chris, Bob and Chris
    exchanged their keyrings, and they
    fully trust each other.
   But what about Chris <-> Elvis,
    when “Elvis” is an impersonator of
    the real Elvis?
   This means Chris has been fooled,
    and ultimately Bob and Alice too,
    since Alice <-> Bob.
Individual Trust Policy
   PGP allows the user to assign one
    of the following four attributes when
    adding a new key to the keyring:

     Completely trusted
     Marginally trusted
     Untrusted
     Unknown


   The attributes attached to each
    key help the keyring owner
    decide how much trust he should
    put in the key.
   The keyring owner can tune PGP’s
    criteria for accepting a key.
   For example, one can tell PGP to
    accept a key if it has been signed
    by
       2 completely trusted keys, or
       at least 3 marginally trusted keys, or
       1 completely and 2 marginally
        trusted keys, etc.
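
An added example (not from the original slides) of the tunable acceptance rule above, applied to the Alice/Bob/Chris/"Elvis" chain from the Web Of Trust slide. It assumes a weighted model in which each completely trusted signature counts 1/completes_needed and each marginally trusted one 1/marginals_needed; the function name, parameter names and sample data are constructed for illustration.

```python
from fractions import Fraction

COMPLETE, MARGINAL, UNTRUSTED, UNKNOWN = "complete", "marginal", "untrusted", "unknown"

def valid_keys(owner, signatures, owner_trust, completes_needed=2, marginals_needed=3):
    """Return the set of keys that `owner` accepts as valid.

    signatures:  {key: set of keys that signed it}
    owner_trust: {signer: attribute the owner assigned to that signer}
    A signature counts only when the signing key is itself already valid.
    """
    weight = {COMPLETE: Fraction(1, completes_needed),
              MARGINAL: Fraction(1, marginals_needed)}   # untrusted/unknown: 0

    def score(signers, valid):
        if owner in signers:             # the owner's own signature always suffices
            return 1
        return sum(weight.get(owner_trust.get(s, UNKNOWN), 0)
                   for s in signers if s in valid)

    valid = {owner}                      # each user is her own root CA
    changed = True
    while changed:                       # repeat until no new key is accepted
        changed = False
        for key, signers in signatures.items():
            if key not in valid and score(signers, valid) >= 1:
                valid.add(key)
                changed = True
    return valid

# Constructed sample data: Alice's view of the keyring chain from the slides.
SIGNATURES = {
    "Bob":   {"Alice"},          # Alice checked Bob's key out of band
    "Chris": {"Bob"},            # Bob <-> Chris
    "Elvis": {"Chris"},          # Chris <-> "Elvis" (the impersonator's key)
}
TRUST_ALL = {"Bob": COMPLETE, "Chris": COMPLETE, "Elvis": COMPLETE}

def demo():
    lax = valid_keys("Alice", SIGNATURES, TRUST_ALL, completes_needed=1)
    strict = valid_keys("Alice", SIGNATURES, TRUST_ALL, completes_needed=2)
    return lax, strict

if __name__ == "__main__":
    lax, strict = demo()
    print("one complete signature suffices:", sorted(lax))
    print("two complete signatures needed: ", sorted(strict))
```

With one signature sufficing, the impersonator's key propagates all the way to Alice; requiring two completely trusted signatures stops the chain at Bob, because Chris's key carries only Bob's signature.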
PGP PKI characteristics


Certificate information
    The PGP certificate is simple and rigid. It contains only a public
    key, an email address, and the degree-of-trust attribute. It is not
    extensible.

CA arrangement
    PGP CAs are arranged in a web of trust.

CA <-> Subject <-> User relationship
    Each PGP user is her own root CA. Subjects may or may not be CAs.


CA <-> Subject <-> User trust relationships
    Since each user is their own CA, the PGP user completely trusts
    her CA. The CAs can assign a degree of trust to their subjects
    (i.e. other CAs), but they have no way of preventing their trust
    from being infinitely extended.

Certificate validation method
    PGP uses neither online validation nor validity periods. Once a
    certificate is added to a user’s keyring, it is considered valid
    until the user decides otherwise.

Certificate revocation method
    PGP relies on word-of-mouth to propagate information about
    revoked certificates. PGP does not use CRLs.
Identity vs. credential certificates
    PGP uses purely identity certificates. They have no provisions to
    include credentials.

Irrefutability and strong authentication
    PGP has very weak authentication. The sole means of identifying a
    subject is with an Internet email address.

In-band vs. out-of-band authentication
    PGP relies almost entirely on out-of-band authentication.

Anonymity
    PGP does not provide for any direct anonymity. A degree of
    anonymity can be achieved by using a "fake" email address.
Conclusion
   A cliché: “In God we trust, all others pay cash.”
   PGP does have very strong security if the
    keyring owners have very strictly checked
    the trust relations between the users
    contained in the keyring, but in the end
    it is a matter of trust.
   If a single user cheats another who
    puts full faith in him, the whole web faces
    a serious security threat.
   So it is useful for a small domain of trusted
    users.

				
posted:4/2/2012
pages:11