1
00:00:00,850 --> 00:00:02,670
Web of trust.

2
00:00:02,670 --> 00:00:05,410
The web of trust is a decentralized trust model

3
00:00:05,410 --> 00:00:07,410
that addresses issues associated with the public

4
00:00:07,410 --> 00:00:11,650
authentication of public keys within a CA-based PKI system.

5
00:00:11,650 --> 00:00:13,593
One of those issues is that you have to pay

6
00:00:13,593 --> 00:00:17,320
to get one of these digital certificates from a CA.

7
00:00:17,320 --> 00:00:20,940
Now with a web of trust we instead use a peer-to-peer model,

8
00:00:20,940 --> 00:00:23,120
where I trust you and you trust me,

9
00:00:23,120 --> 00:00:25,790
and because of that we now can give that trust

10
00:00:25,790 --> 00:00:28,160
to other people as we go around.

11
00:00:28,160 --> 00:00:30,240
So how do we know who we're going to be able to trust,

12
00:00:30,240 --> 00:00:31,760
when there's no third party?

13
00:00:31,760 --> 00:00:33,360
Well, one of the ways we can do it

14
00:00:33,360 --> 00:00:36,170
is by trusting somebody just because they said so.

15
00:00:36,170 --> 00:00:38,470
So if I have a web server and I want you to trust it,

16
00:00:38,470 --> 00:00:40,950
I can install a self-signed certificate.

17
00:00:40,950 --> 00:00:43,710
That says, hey, trust me because I said I'm Jason

18
00:00:43,710 --> 00:00:45,080
and you can trust me.

19
00:00:45,080 --> 00:00:46,280
Now you have to decide if you're really

20
00:00:46,280 --> 00:00:47,330
going to trust me though.

21
00:00:47,330 --> 00:00:49,200
If you see one of these self-signed certificates,

22
00:00:49,200 --> 00:00:50,890
your web browser's going to give you an error,

23
00:00:50,890 --> 00:00:52,430
like this one in Firefox.

24
00:00:52,430 --> 00:00:53,870
Now you can choose to trust them

25
00:00:53,870 --> 00:00:56,530
by clicking on the "I understand the risks",

26
00:00:56,530 --> 00:00:58,690
or you can say, you know, I don't trust that.

27
00:00:58,690 --> 00:00:59,930
I'm going to go to a different website

28
00:00:59,930 --> 00:01:01,570
and get my information there.

29
00:01:01,570 --> 00:01:03,980
For security purposes it's not a good idea

30
00:01:03,980 --> 00:01:05,670
to trust a self-signed certificate,

31
00:01:05,670 --> 00:01:07,470
and so this is kind of frowned upon.

32
00:01:07,470 --> 00:01:08,906
You should probably, if you're having a website,

33
00:01:08,906 --> 00:01:10,060
you should spend the money

34
00:01:10,060 --> 00:01:11,570
and get a real digital certificate

35
00:01:11,570 --> 00:01:13,040
from a trusted third party.

36
00:01:13,040 --> 00:01:14,520
The second thing we can do is trust

37
00:01:14,520 --> 00:01:16,390
the collective intelligence of others.

38
00:01:16,390 --> 00:01:19,090
This is the system that's used by Pretty Good Privacy.

39
00:01:19,090 --> 00:01:20,690
It's basically a web of trust,

40
00:01:20,690 --> 00:01:22,400
where every person who trusts you

41
00:01:22,400 --> 00:01:24,060
starts helping to increase your rating,

42
00:01:24,060 --> 00:01:26,320
and then as more people know you and trust you,

43
00:01:26,320 --> 00:01:28,150
other people are going to know you and trust you.

44
00:01:28,150 --> 00:01:30,230
The same thing kind of happens on Twitter and Facebook

45
00:01:30,230 --> 00:01:31,760
and other social media.

46
00:01:31,760 --> 00:01:34,720
Google uses this same concept when it's ranking websites.

47
00:01:34,720 --> 00:01:35,850
If they're trying to figure out who's

48
00:01:35,850 --> 00:01:38,000
going to be the authority for a particular topic,

49
00:01:38,000 --> 00:01:40,680
they look at how many people are linking back to it.

50
00:01:40,680 --> 00:01:42,500
So for example, if I'm looking up information

51
00:01:42,500 --> 00:01:44,570
on the CompTIA Security+ exam,

52
00:01:44,570 --> 00:01:46,013
the number one place that's going to come up

53
00:01:46,013 --> 00:01:49,510
is CompTIA's official website for the Security+ exam,

54
00:01:49,510 --> 00:01:51,210
because there's thousands of different links

55
00:01:51,210 --> 00:01:52,560
that point back to it.

56
00:01:52,560 --> 00:01:54,420
But if you look at it you might find that the

57
00:01:54,420 --> 00:01:57,020
fourth or fifth person might be my course on it,

58
00:01:57,020 --> 00:01:58,590
because a lot of my students have taken it,

59
00:01:58,590 --> 00:02:01,030
liked it and then linked back to that course.

60
00:02:01,030 --> 00:02:03,190
Now if you go down to page 30 or 40

61
00:02:03,190 --> 00:02:04,110
you're going to find some site

62
00:02:04,110 --> 00:02:05,950
that's not really trustworthy, right?

63
00:02:05,950 --> 00:02:07,800
That's the idea with this web of trust

64
00:02:07,800 --> 00:02:09,620
and this ranking of websites.

65
00:02:09,620 --> 00:02:11,910
eBay had started this way back when they came out

66
00:02:11,910 --> 00:02:13,150
in the late 90s.

67
00:02:13,150 --> 00:02:14,850
Because there was no authenticated way

68
00:02:14,850 --> 00:02:16,650
to prove who each seller was,

69
00:02:16,650 --> 00:02:18,420
they came up with their rating system,

70
00:02:18,420 --> 00:02:21,000
and as I bought something from you, I would leave a review.

71
00:02:21,000 --> 00:02:22,310
As you bought something from somebody else,

72
00:02:22,310 --> 00:02:23,670
you'd leave a review on them.

73
00:02:23,670 --> 00:02:26,550
And this again is a peer-to-peer web of trust system,

74
00:02:26,550 --> 00:02:28,405
because there was no centralized person saying,

75
00:02:28,405 --> 00:02:31,100
this is a good seller and this is a bad seller,

76
00:02:31,100 --> 00:02:33,160
but instead it was the wisdom of the crowd

77
00:02:33,160 --> 00:02:35,927
that defined how well you were going to be trusted.

78
00:02:35,927 --> 00:02:38,148
(electronic music)