max-cert-depth and "chains of trust" in GPG

bezna george.davidescu at gmail.com
Fri Jun 6 22:26:19 CEST 2008 

I'm a bit confused as to how trust is handled in GPG, or maybe PGP in
general. It seems to me that it is impossible to establish long chains of
trust in GPG, because trust databases are kept hidden from other users and
ownertrust values have to be set by the user himself; as a result of this
the maximum depth of a "chain of trust" seems to be 2: the owner (depth 0),
his trusted introducer (depth 1) and the person whose certificate is
validated by the trusted introducer (depth 1). When I got into GPG I was
under the impression that you could rely on long "chains of trust" or chains
of trusted introducers in order to validate a certificate at the end of the
chain. However, as Abdul-Rahman points out
(http://www.wim.uni-koeln.de/uploads/media/The_PGP_Trust_Model.pdf), this
does not seem to be the case. 

Let me illustrate with an example. Say Alice signs Bob's key, and Bob signs
Charlie's key. Now say Alice fully trusts Bob. Suppose also that Bob fully
trusts Charlie. Because of her trust in Bob, Charlie's certificate appears
valid to Alice. The chain might look something like this (note that the
arrow represents both a valid signature and full trust given by the person
from whom the arrow originates to the person at the tip of the arrow).

          A --> B --> C
Depth: 0       1       2
Valid:   y       y       y 

Recall that Bob fully trusts Charlie. Now suppose Charlie had signed Dale's
certificate. In theory, this could lead to the establishment of a "chain of
trust" where Dale's certificate appears valid to Alice, who trusts Bob's
competence in assessing the authenticity of a certificate, who in turn
trusts Charlie, who vetted and signed Dale's certificate. How trustworthyess
should be computed as we progress down such a chain is another issue.

          A--> B--> C--> D
Depth: 0      1     2      3
Valid:  y       y     y      y
 
However, this does not happen in GPG. Because Alice does not have access to
Bob's trust database (unless he exports it and gives it to her), she has no
way of knowing who Bob trusts and to what extent. Thus, she can only rely on
the signatures made by Bob himself to determine if a certificate is valid,
but not Bob's trusted introducers because she has no idea who they are. 

          A--> B--> C--> D
Depth: 0      1     2      3
Valid:   y      y     y      ?

A workaround to this problem is for Alice to fully trust Charlie (who
appears valid to her because of Bob's signature) as an introducer, thereby
validating Dale's certificate through him. Note that Alice doesn't need to
sign Dale's certificate herself to do this. The next illustration shows the
situation from Alice's perspective only (IE she has no access to who the
other players trust). --> arrows represent both a signature and full trust,
while ==> arrows represent only signatures.

          A-->  B
           \      ||
            |     v
            ---> C==> D

Bob's certificate appears valid to Alice because she signed it. Charlie's
certificate is validated because she trusts Bob and Bob signed Charlie's
key. Dale's certificate is validated because she trusts Charlie and Charlie
has signed Dale's key.

Note that the graph tracing the signatures the players have made is
different from the above graph of Alice's trust database, keeping in mind
that Alice signed Bob, Bob signed Charlie and Charlie signed Dale:

          A==> B==> C==> D
Depth: 0      1       2       3

So for Alice to be able to validate a certificate through someone else's
signature, she has to personally trust that someone else; the trust can't
transfer through an intermediate. 

Ok, now, after all this, which I hope you understood, come the questions. Am
I understanding this correctly? Can "chains of trust" have only a depth of
one (Alice and the person she trusts) or is there something more? 

What does the max-cert-depth parameter refer to? Is that the depth of the
"chain of signatures"? 

And lastly, how do all these sites and applications that trace a path
between your certificate and another person's certificate work? Based on
tracing signatures alone? Is it possible to export your trust database to
these servers so they will aggregate it into one and take trust as well as
signatures into account in determining validity down a chain?

Is there anything out there that incorporates real chains of trust of some
substantial length?

Thanks for your assistance and for taking the time to read this. 

George


-- 
View this message in context: http://www.nabble.com/max-cert-depth-and-%22chains-of-trust%22-in-GPG-tp17700504p17700504.html
Sent from the GnuPG - User mailing list archive at Nabble.com.

More information about the Gnupg-users mailing list