Learn, hack!

URL

http://dewy.fem.tu-ilmenau.de/CCC/22C3/video/22C3-545-en-web_of_trust.mp4

File name

22C3-545-en-web_of_trust.mp4

File size

594.1 MB

MD5

b6d1ee89c93c4eb1887e652ba9dc9263

SHA1

7b3945cc67f6bbf997ee075e76993d375d36f3c2

Even with tutorials on the WoT and good trust policies the concept of "trust" can still be hard to grasp. Here we'll look at trust metrics, ways of using current trust systems better, and some non-crypto applications of trust. The web of trust best known for its use in PGP is now used in a number of other applications and is established as a good method for doing non-centralized PKI. But how good is it? How does one define a metric for trusting a trust metric? We have keysigning parties and extensive tutorials on good trust policies, but a lot of people still don't understand the basic concept of "trust," especially when it is superimposed on the world of graph theory. We'll take a look at the web of trust as it is currently used, including statistics on the PGP WoT and what that means in practical terms. And from there on, it's all about trust, including the trust metrics involved (and why they could be a lot better), and current "correct" practices for establishing trust (and why they could be a lot better). To wrap up, we'll look at the possibilities for doing other interesting (but non-cryptographic) applications involving trust.