People across the world use OpenPGP, and you don't know all of them. Chances are that your keyring will start off populated with keys for friends and coworkers, and slowly grow as you communicate with more OpenPGP users. If you receive an encrypted email from a country on the far side of the world, however, it's quite possible that you will have nobody in common and hence you won't really be able to truly verify their identity. What do you do?
One possibility is to use only the corporate PGP keyserver and only correspond with people who use that keyserver. PGP Corporation's keyserver signs public keys after it verifies the email address they're attached to. However, OpenPGP is called "open" because anyone can implement it, and you can't control who will send you email any more than you can control who sends you postcards. I correspond with people all over the world who use OpenPGP, and quite a few have public keys that aren't even vaguely hooked into my Web of Trust. How can I trust them? Here are my three choices:
- Expand my Web of Trust
- Trace the Web of Trust to that person
- Use the key but limit my trust of the sender
Expanding Your Web of Trust
The most correct answer is to expand your Web of Trust. Exchange signatures with more people, even people with whom you're not likely to exchange encrypted mail. More people than you suspect travel between companies, countries, continents, and cultures. Sign their keys and have them sign yours, which will embed you more deeply in the Web of Trust, making it easier for you to reach others and for others to reach you. This takes time, however, and if you receive a mysterious email you don't want to wait weeks or months to read it.
Tracing the Web of Trust
Search Google for "PGP pathfinder" and you'll find any number of websites in which you can trace the path through the Web of Trust between any two OpenPGP keys available on public keyservers. These sites use the keyid for the two keys involved (remember, the keyid is just the last eight characters of the fingerprint). The more paths that exist through different people, the more likely I am to trust that key. Having had my key signed at a couple of different keysigning parties, I would expect to have several paths to anyone in the Web of Trust. For example, suppose that after publishing this book I get an email from someone who claims to be Phil Zimmermann, the original creator of PGP. The keyid of the message sender is B2D7795E. I can grab Phil Zimmermann's public key from a keyserver, or from his Web page, but it's possible that someone uploaded a bogus key for him just to fool people like me.
I visit the Web of Trust pathfinder at www.cs.uu.nl/people/henkp/henkp/pgp/pathfinder (Google's first result) andenter the keyid of the message I received and my keyid. This server tells me that there are eight disjunct paths between this key and mine. In other words, my key is linked to the other key by eight different paths that have no people whatsoever in common.
For that key to be fake, the faker would have had to fool a whole lot of people. Although I have never met Phil Zimmermann, I would believe that this key is legitimate. (If the only path had been through one of my incorrigible practical joker friends, or if there had only been one path, I would have been far more suspicious and infinitely less trusting.) Most of these Web of Trust tracing programs are based on wotsap, a freely available Python program designed to trace relationships between keys. Wotsap is available at many Internet sites; if you're seriously interested in analyzing the Web ofTrust, I suggest you start there.
Want to learn more about OpenPGP? Download the full chapter to learn more about its benefits.