Pretty Good Privacy was committed to making proper encryption available for everyone. The design of the cryptography was revolutionary at the time. The big problem with public-key encryption persisted: How do I get the right key from a person I don’t know?

Web of Trust

The Web of Trust was intended to solve this exact problem, but the promise of encryption for everyone could never be kept. It only ever worked in a small community of PGP enthusiasts.

The inflationary signing of keys now causes severe problems and has therefore been removed from GnuPG as of version 2.2.17. By default, this version ignores all signatures coming from a key server.

The basis of the Web of Trust is that “no two people are more than six degrees apart”. Everybody knows everyone. If you authenticate the keys of your acquaintances, you’ll eventually reach a state where you can trust the key of person X that came from a central key server. After all, the friend of a friend confirmed that the key actually belongs to X and wasn’t placed there by some malicious actor.

Anyone can sign any key and upload the signed version to the keyserver, in theory only after verifying its authenticity. The Synchronizing Key Server (SKS) was designed so that no key or signature can ever be deleted, to prevent threat actors from forcing key server operators to replace real keys with fake ones.

This, however, enabled a range of attack scenarios. Currently, unknown people repeatedly upload keys carrying hundreds of thousands of signatures to the keyservers. Read the crisis communication by Robert J. Hansen.

Whoever imports such a key will stall their PGP installation. There is currently no known fix on the side of the SKS servers. Other options to rescue PGP had to be found.

“We’ve known for a decade this attack is possible. It’s now here and it’s devastating” rjh

The end of key signatures

In direct response, GnuPG 2.2.17 added a new option, self-sigs-only, which is now the default. It ensures that only the key’s own signatures (its self-signatures) are retained when a key is imported. The spam signatures, and also those of your friend’s sister, are no longer imported into the local keyring. This doesn’t affect manually imported keys.
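The split between a key's own signatures and everyone else's, as an added example (not GnuPG's code and not from the original article): it walks a binary, de-armored OpenPGP key per RFC 4880 and counts self-signatures versus third-party signatures by issuer key ID, without verifying any signature. The function names and the sample key are constructed for illustration, and only v4 signatures carrying an Issuer subpacket (type 16) are recognised.

```python
import hashlib

def read_packets(data):  # yields (tag, body); header rules from RFC 4880, 4.2
    i = 0
    while i + 1 < len(data):
        hdr, first, new = data[i], data[i + 1], data[i] >= 0xC0
        tag, size = (hdr & 0x3F, 1) if new else ((hdr >> 2) & 0x0F, 1 << (hdr & 3))
        if hdr < 0x80 or size == 8 or (new and 224 <= first < 255):
            raise ValueError("not a packet header, or unsupported length type")
        if not new or first < 192:           # old format, or new with one length octet
            n = int.from_bytes(data[i + 1:i + 1 + size], "big")
        elif first < 224:                    # new format: two length octets
            size, n = 2, ((first - 192) << 8) + data[i + 2] + 192
        else:                                # new format: 0xFF, four length octets
            size, n = 5, int.from_bytes(data[i + 2:i + 6], "big")
        yield tag, data[i + 1 + size:i + 1 + size + n]
        i += 1 + size + n

def key_id(body):  # v4 key ID: low 64 bits of SHA-1(0x99, 2-byte length, body)
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).digest()[-8:]

def issuer(sig):  # Issuer key ID (subpacket 16) of a v4 signature body, else None
    pos = 6                                  # hashed subpacket area starts here
    for _ in range(2 if sig[:1] == b"\x04" else 0):   # hashed, then unhashed
        end = min(len(sig), pos + int.from_bytes(sig[pos - 2:pos], "big"))
        while pos + 1 < end and sig[pos] < 192:       # one-octet lengths only
            if (sig[pos + 1] & 0x7F) == 16:           # 0x7F masks the critical bit
                return sig[pos + 2:pos + 1 + sig[pos]]
            pos += 1 + sig[pos]
        pos = end + 2
    return None

def count_signatures(keydata):  # -> (self_signatures, third_party_signatures)
    primary, counts = None, {True: 0, False: 0}
    for tag, body in read_packets(keydata):
        if tag == 6:                         # primary public-key packet
            primary = key_id(body)
        elif tag == 2:                       # signature packet
            counts[issuer(body) == primary] += 1
    return counts[True], counts[False]

# Constructed sample, not a real key: 1 self-signature, 300 third-party signatures.
def make_sig(kid):  # unsigned v4 certification whose only subpacket is Issuer
    body = bytes([4, 0x10, 1, 8, 0, 0, 0, 10, 9, 16]) + kid + bytes(4)
    return bytes([0xC2, len(body)]) + body
KEY_BODY = bytes([4, 0, 0, 0, 0, 1]) + bytes(16)
SAMPLE = (b"\x99" + len(KEY_BODY).to_bytes(2, "big") + KEY_BODY
          + make_sig(key_id(KEY_BODY))
          + b"".join(make_sig(n.to_bytes(8, "big")) for n in range(1, 301)))
```

A large second number from `count_signatures` on a key fetched from a keyserver is the flooding pattern described above. Because the Issuer subpacket is not authenticated here, the counts are a triage aid and not a trust decision.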

This solves the signature spam abuse for GPG users. But it comes with a hefty price tag: you no longer have any indication as to whether a key imported from a server actually matches the person or not. This problem is real because anyone can upload a key for any identity to the key servers.

OpenPGP enthusiasts introduced a new keyserver a few weeks ago. It verifies the e-mail address given in the key and only publishes it after successful verification. As things currently stand, there are a lot of arguments for using keys.openpgp.org instead of the SKS servers.

The future

The Web of Trust is practically dead and can be considered a failure. The question is how trust in PGP keys can be restored. Some people argue the community should look at mobile messenger services.

They provide a convenient way to verify keys via phone numbers and do not require any user actions or signatures. The goal has to be trust in the genuineness of the delivered keys.