OHM2013: Trolling the Web of Trust

July 31, 2013 - 3:00pm
An hour north of Amsterdam, the Netherlands

EFF staff technologist Micah Lee will be speaking at OHM2013 about Trolling the Web of Trust.

OpenPGP has long been considered the cypherpunk gold standard for email encryption. The web of trust, facilitated by OpenPGP key servers, has also been considered the cypherpunk gold standard for a decentralized public key infrastructure. While OpenPGP and the web of trust have never been very popular amongst non-nerds, activists get trained in using it for the first time every day. But unless you have a fairly deep understanding of PGP keypairs, fingerprints, digital signatures, and the nature of key servers, the web of trust could be crawling with lies. I'll describe in detail many different attacks against the web of trust (some malicious, some lulzy) and ideas for improvement.

I'm going to talk about what information from the key servers that you can and can't trust, graffiti and artwork, duplicate key IDs, how to quickly generate keys, denial of service attacks, how you can't control what ends up on your public key, how the data on key servers can be manipulated anonymously, and lots of things anyone can and might already be doing with this information.

I'll show off lots of interesting things that already exist in the web of trust, and hypothetical things that might make it all much more interesting.

Additionally, I'll also be releasing several exciting scripts to help with exploring and trolling the web of trust, and what the best tools are to get play with the web of trust yourself.

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

EFF kicks off intro security trainings for tech newbies at the @SFPublicLibrary tonight. Tell your friends! https://www.eff.org/deeplinks...

Mar 28 @ 4:49pm

See how your Representative voted on the #Broadbandprivacy repeal. Every 'yay' vote was a vote against privacy. http://clerk.house.gov/evs/20...

Mar 28 @ 4:14pm

Digital privacy needs a fierce defender, and there are many battles ahead. Please support EFF. https://supporters.eff.org/do... #broadbandprivacy

Mar 28 @ 3:06pm
JavaScript license information