1 / 11

PGP

PGP. Pretty Good Privacy Designed for secure transfer of e-mails with off-line or out of band key distribution. Introduction. PGP users maintain their own list of public keys, called keyring . PGP allows users to exchange keyrings.

hope
Download Presentation

PGP

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PGP Pretty Good Privacy Designed for secure transfer of e-mails with off-line or out of band key distribution. PKI2001(TIFR,Mumbai)

  2. Introduction • PGP users maintain their own list of public keys, called keyring. • PGP allows users to exchange keyrings. • Each user fully trusts the others they meet outside of the Internet. PKI2001(TIFR,Mumbai)

  3. One Simple Example PKI2001(TIFR,Mumbai)

  4. Alice Bob Chris Elvis Alice Bob Chris Elvis Bob Chris Bob Elvis Bob  Chris Elvis Alice  Bob Chris Elvis PKI2001(TIFR,Mumbai)

  5. Web Of Trust • By Bob  Chris, Bob and Chris exchanged their keyrings, and they fully trust each other. • But what about Chris  Elvis, when “Elvis” is an impersonator of real Elvis ? • This means Chris has been fooled and ultimately Bob and Alice too. Since Alice  Bob PKI2001(TIFR,Mumbai)

  6. Individual Trust Policy • PGP allows the user to assign one of four following attributes while adding a new key to the keyring • Completely trusted • Marginally trusted • Untrusted • Unknown. PKI2001(TIFR,Mumbai)

  7. The attributes attached with each key helps the keyring owner to decide how much trust he should put in the key. • The keyring owner can tune PGP’s criteria for accepting key. • For example, one can tell PGP to accept a key if it has been signed by • 2 completely trusted keys or • at least 3 marginally trusted keys, • 1 completely and 2 marginally trusted keys etc. PKI2001(TIFR,Mumbai)

  8. PKI2001(TIFR,Mumbai)

  9. PKI2001(TIFR,Mumbai)

  10. PKI2001(TIFR,Mumbai)

  11. Conclusion A cliché “In God we trust, all others pay cash” PGP does have very strong security if the keyring owners have checked the trust relation between the users contained in the keyring very strictly but it is a matter of trust at last. If a single user cheats to other who puts full faith in him; the whole web faces the serious security threat. So it is useful for a small domain of trusted users. PKI2001(TIFR,Mumbai)

More Related