Efficient and trustworthy key distribution in webs of trust

This paper introduces a method for finding trust paths in webs of trust. It makes use of untrusted key servers which collect certain information about trust relationships and give hints as to where a trustworthy recommendation path can be found. These hints can then be verified in a distributed protocol amongst the affected entities. In global networks, reliable distribution of public keys for authentication and encryption purposes is still a problem. Since it is impossible to have a single, globally trusted key server, a distributed approach is necessary. If an entity A looks for a public key of a prospective communication partner B, it will first ask its local trusted servers. If these servers do not know the public key of B, they can recommend other entities as trustworthy servers to A. With this method, A can go along a whole recommendation path until it finds the key of B. In order to believe that the key is indeed correct, A has to trust all entities on the path. The problem that remains is to find the right direction for a trustworthy recommendation path. There are two main approaches: The first is a strict regulation of the trust relationships, such that the search can go along a hierarchy. This implies that the participants have no choice but to follow the given trust structure. The second approach is an unrestricted web of trust. In these systems, there is not yet a satisfactory way to find trust paths. (C) 1998 Elsevier Science Ltd. All rights reserved.