What is a Web of Trust?
Web of Trust is an informal technique for assessing the authenticity of public keys, particularly among PGP users. A user who creates a new public key asks someone they know, who already holds a public/private key pair, to sign the new key. By validating the identity of the person holding the new key and then signing it, the signer attests that the key genuinely belongs to that person. Before signing, the signer checks that the key's fingerprint (the hash that identifies the actual key material) matches the one the holder presented. After signing, the signed key is sent to key servers. Anyone who trusts the signer to follow correct identification processes can decide to trust all keys signed by that person. As the web of trust expands, users can trust everyone whose keys have been signed by trustworthy signers. This approach differs from traditional public key cryptosystems in that no centralized or hierarchical signing authorities exist.
What is Web of Trust?
Web of Trust in cryptography is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to verify the legitimacy of a public key and its owner. Its decentralized trust model is an alternative to the centralized trust model of a public key infrastructure (PKI), which is entirely dependent on a certificate authority (or a hierarchy of them). As with computer networks, there are several separate webs of trust, and any user (via their public key certificate) can participate in and connect multiple webs.
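To make the mechanism described in both sections concrete, here is an added Python model (not code from PGP, GnuPG or any OpenPGP implementation) of certifying a key only after its fingerprint has been verified out of band, and of computing which keys become valid from one user's viewpoint as trust propagates through signatures. The user names, the placeholder fingerprints and the owner-trust assignments are assumptions constructed for the example; the rule "one fully trusted signer, or three marginally trusted signers" mirrors GnuPG's default validity calculation.

```python
from dataclasses import dataclass, field

FULL, MARGINAL = "full", "marginal"
MARGINALS_NEEDED = 3  # GnuPG's default: three marginally trusted certifications validate a key

@dataclass
class Key:
    owner: str
    fingerprint: str                            # constructed placeholder, not a real fingerprint
    signers: set = field(default_factory=set)   # fingerprints of keys that have certified this key

def sign_key(signer: Key, target: Key, fingerprint_verified_out_of_band: str) -> bool:
    """Certify `target` only if the fingerprint checked with its owner matches the key."""
    if fingerprint_verified_out_of_band != target.fingerprint:
        return False                            # mismatch: possibly a substituted key, refuse
    target.signers.add(signer.fingerprint)
    return True

def valid_keys(keys: dict, owner_trust: dict, own_fpr: str) -> set:
    """Keys valid from own_fpr's point of view: my own key, any key certified by one valid
    fully-trusted key, or any key certified by MARGINALS_NEEDED valid marginally-trusted keys."""
    trust = {**owner_trust, own_fpr: FULL}      # my own key is trusted unconditionally
    valid = {own_fpr}
    changed = True
    while changed:                              # repeat until no further key becomes valid
        changed = False
        for fpr, key in keys.items():
            if fpr in valid:
                continue
            usable = [s for s in key.signers if s in valid]   # only valid keys' signatures count
            full = sum(trust.get(s) == FULL for s in usable)
            marginal = sum(trust.get(s) == MARGINAL for s in usable)
            if full >= 1 or marginal >= MARGINALS_NEEDED:
                valid.add(fpr)
                changed = True
    return valid

# Constructed keyring: Alice is "me"; fingerprints are placeholders of the form FP-NAME.
KEYS = {f"FP-{n.upper()}": Key(n, f"FP-{n.upper()}")
        for n in ("alice", "bob", "carol", "dave", "erin", "frank", "grace")}
for n in ("BOB", "CAROL", "DAVE", "ERIN"):       # Alice certified these after checking fingerprints
    sign_key(KEYS["FP-ALICE"], KEYS[f"FP-{n}"], f"FP-{n}")
for n in ("CAROL", "DAVE", "ERIN"):              # three marginally trusted signers certify Frank
    sign_key(KEYS[f"FP-{n}"], KEYS["FP-FRANK"], "FP-FRANK")
for n in ("CAROL", "DAVE"):                      # only two certify Grace, below the threshold
    sign_key(KEYS[f"FP-{n}"], KEYS["FP-GRACE"], "FP-GRACE")
OWNER_TRUST = {"FP-BOB": FULL, "FP-CAROL": MARGINAL, "FP-DAVE": MARGINAL, "FP-ERIN": MARGINAL}

def demo() -> set:
    return valid_keys(KEYS, OWNER_TRUST, "FP-ALICE")
```

Note that Frank's key becomes valid without Alice ever meeting him, yet Frank's own signatures count for nothing until Alice assigns owner trust to him: validity of a key and trust in its owner as a signer are separate decisions.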