PGP Pretty Good Privacy
Designed for secure transfer of
e-mails with off-line or out of
band key distribution.
PGP users maintain their own list
of public keys, called keyring.
PGP allows users to exchange
Each user fully trusts the others
they meet outside of the Internet.
One Simple Example
Alice Bob Chris Elvis
Alice Bob Chris Elvis
Bob Chris Bob
Web Of Trust
By Bob Chris, Bob and Chris
exchanged their keyrings, and they
fully trust each other.
But what about Chris Elvis,
when “Elvis” is an impersonator of
real Elvis ?
This means Chris has been fooled
and ultimately Bob and Alice too.
Since Alice Bob
Individual Trust Policy
PGP allows the user to assign one
of four following attributes while
adding a new key to the keyring
The attributes attached with each
key helps the keyring owner to
decide how much trust he should
put in the key.
The keyring owner can tune PGP’s
criteria for accepting key.
For example, one can tell PGP to
accept a key if it has been signed
2 completely trusted keys or
at least 3 marginally trusted keys,
1 completely and 2 marginally
trusted keys etc.
PGP PKI characteristics
The PGP certificate is
simple and rigid. It
Certificate contains only a public
information key, an email address,
and the degree-of-trust
attribute. It is not
CA PGP CAs are arranged
arrangement in a web of trust.
CA <-> Each PGP user is her
Subject <-> own root CA. Subjects
User may or may not be CAs.
Since each user is their own CA,
the PGP user completely trusts
CA <-> Subject her CA. The CAs can assign a
<-> User trust degree of trust to their subjects
relationships (i.e. other CAs), but they have no
way of preventing their trust from
being infinitely extended.
PGP uses neither online
validation nor validity periods.
Certificate Once a certificate is added to a
validation method user’s keyring, it is considered
valid until the user decides
PGP relies on word-of-mouth to
Certificate propagate information about
revocation method revoked certificates. PGP does
not use CRLs.
Identity vs. credential PGP uses purely identity
certificates certificates. They have no
provisions to include
PGP has very weak
Irrefutability and strong authentication. The sole
authentication means of identifying a
subject is with an Internet
In-band vs. out-of-band PGP relies almost
authentication entirely on out-of-band
PGP does not provide for
any direct anonymity. A
Anonymity degree of anonymity can
be achieved by using a
"fake" email address.
A cliché “In God we trust, all others pay cash”
PGP does have very strong security if the
keyring owners have checked the trust
relation between the users contained in
the keyring very strictly but it is a matter
of trust at last.
If a single user cheats to other who
puts full faith in him; the whole web faces
the serious security threat.
So it is useful for a small domain of trusted