No sub-articles
Browse articles in this level »
New article next to Peer-to-peer Trust Model New article below Peer-to-peer Trust Model 

  [toc]

## Basic Concepts ##

Peer-to-peer model is, as its name states, completely decentralised. This model functions without some central authority governing and enforcing trust on its peers (users, computers etc). Instead, the decision to trust or not to trust someone is left to the peers themselves.

The basic principle in peer-to-peer trust model is exchange of public keys between peers and their mutual verification. While the exchange may involve any kind of secure or insecure channel, the mutual verification usually requires a more reliable mechanism. Verification can be done, for example, through a telephone call, or even better meeting with someone in person.

In addition, some form of document may be procured by both parties involved in exchange (like passport) in order to verify each-others identity.

The public keys themselves are usually acknowledged by use of special identification strings - fingerprints. Fingerprints are deduced from the public keys, and due to the way they're calculated a person or device can usually have full trust that they're indeed derived from the specified public key. They're mostly used for human-readable way to guarantee that a right public key has been obtained.

## Extending the Basic Concepts - OpenPGP ##

Let's say Alice, Bob, and Charlie have all generated their private and public keys. In addition, Alice knows Bob, and Bob knows Charlie. Alice and Bob have exchanged their public keys, and they have established a mutual trust by verifying each-others identity, and integrity of the public keys. On the other hand, Bob and Charlie have done the same thing. The question that arises is whether this trust can be transitive? Can Alice also trust Charlie as well given she has high trust in Bob?

This type of transitive trust model is introduced by the OpenPGP standard. PGP stands for "pretty good privacy". OpenPGP allows a peer to assign an identity to its private/public key pair by signing the data containing information about its identity (like mail, name etc) and distributing the public key alongside this signed data.

This way a simple certificate is formed. Other peers may obtain this information and use it for verifying someone's identity through use of PKI. In addition OpenPGP introduces a trust model where peers can sign each-others OpenPGP keys and assign certain trust values to them (defining how much they trust the key). The signing itself is used for marking the key as trusted by the peer itself. The level of trust is used for defining whether this key can be trusted in transitive relations - i.e. how much can it be trusted for verification purposes of third-party keys.

In addition the OpenPGP standard provides means of *revoking* a key. Key revoking is used in case where some private key has been compromised. It is a way of signalling other parties involved in the peer-to-peer trust model that this key is no longer reliable.

OpenPGP keys are also assigned certain expiration dates which allows peers to trust a certain key only as long as its within the specified validity date. This is useful when the public key cryptography algorithms may get broken by crypt-analysis and other techniques.

## Pros and Cons of Peer-to-peer Trust Model ##

The peer-to-peer trust model is extremely powerful mechanism which is well suited for large environments like the Internet. It allows a lot of different individuals to exchange data and messages in a reliable way, being able to confirm the legitimacy of such data and messages. It also provides for cheap infrastructure which requires minimal maintenance costs (since the costs are basically distributed amongst the peers themselves).

On the other hand, peer-to-peer trust model is usually not well-suited for large corporate and government environments where the definition of trust must not lie within the hands of individuals. Such organisations tend to have much more hierarchical structure, and therefore required a different trust model to match it.