Trust model - Web of trust
About
A web of trust is a trust model defined in the OpenPGP standard that relies on users to establish the authenticity of the binding between a public key and its owner.
Without a central controller (e.g., a CA), users depends on other users for trust.
Each public key is:
- bound to a username or an e-mail address known as User-Id.
- published to a server
Its decentralized trust model is an alternative to the centralized trust model of a x.509 hierarchical public key infrastructure, which relies exclusively on a a hierarchy of certificate authority.