Currently GnuTLS has exprerimental support for OpenPGP keys. OpenPGP keys are similar to X.509 certificates, in the sense that hold public key parameters. However they also allow for non-hierarchical trust models. This is not like an other new feature. It is more like a policy change. Here follows a description of both models.
See the figure1 for a graphical representation. In that figure a Central (Root) CA, certifies two subordinate CAs, which then certify Alice, Bob and a server. In that case, if Alice trusts the "Root CA" then she also trusts Bob's certificate and the server's certificate.
The only requirement in that model is that a user must somehow have the trusted CA's certificate available.
In the real world there are several Certificate Authorities, which certify people, and objects, often for money. Thus users have to decide which of the CAs to trust. One should note that the security of a model where someone trusts several CAs, is equal to the security of the least secure CA.
Unfortunately the trusted CAs decision is barely done by users, in practice. This decision of trusted CAs is done mostly by application programmers and administrators. A good example of this is the included CA certificates in popular web browsers.
See the figure2 which shows graphically the above case. The normal arrows indicate the sign operation, while the dot arrows indicate trust. Thus since Dave trusts Alice to be an introducer, and Alice signed Bob's key, Dave also trusts Bob's key to be the real one.
There are some key points that are important in that model. In the example Alice has to sign Bob's key, only if she is sure that the key belongs to Bob. Otherwise she may also make Dave falsely believe that this is Bob's key. Dave has also the responsibility to know who to trust. This model is similar to real life relations.
Just see how Charlie behaves in the previous example. Although he has signed Bob's key - because he knows, somehow, that it belongs to Bob - he does not trust Bob to be an introducer. Charlie decided to trust only Kevin, for some reason. A reason could be that Bob is lazy enough, and signs other people's keys without being sure that they belong to the actual owner.
Note that Certificate Authorities may exist in the OpenPGP model, although they are not required.
We believe that users should have the freedom to choose the trust model that suits best their needs, thus in GnuTLS we have implemented both. We have also proposed modifications to the TLS protocol for OpenPGP keys to the IETF TLS working group.
Please send inquiries about GNU and the FSF to
Free Software Foundation Voice: +1-617-542-5942 59 Temple Place - Suite 330 Fax: +1-617-542-2652 Boston MA 02111-1307 USA E-Mail: gnu@gnu.org
Please send broken links and other web page corrections (or suggestions) to
The GNU Webmasters webmasters@gnu.org
Please see the Translations README for information on coordinating and submitting translations.
Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004
Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
MA 02111, USA
Verbatim copying and distribution of this entire article are
permitted worldwide without royalty in any medium provided
this notice is preserved.
Updated: $Date: 2007/02/07 10:17:06 $ $Author: jas $