A common misconception about the PGP web of trust is that trust flows
through the web along the signatures.  Actually, PGP's trust model is
founded on the principle that "trust isn't transitive".  A signature
is never trusted in PGP unless the user has explicitly indicated that
he personally trusts the signer.  (The new NAI versions of PGP do have
an exception in that the user can mark a signer as a "meta introducer"
allowing trust to flow an extra step.)

This is in contrast to the practice in the X.509 PKI, where a root CA
has the ability to delegate trust as far as it wishes.  If your browser
trusts Verisign, and Verisign trusts someone else, you automatically
trust that other party.

What does flow along PGP's "web of trust" is validity of name-key
bindings.  You know and trust Alice, so you sign her key and mark it
as trusted.  Alice signs Bob's key.  Since you trusted her, you now have
confidence that this is in fact Bob's key.

You know this is Bob's key, but that doesn't mean you automatically trust
it to issue key signatures.  This is a separate decision you make, based
on your knowledge of Bob's character and qualities.  If you do trust him,
you mark his key as trusted.

Bob now signs Carol's key.  You can make a similar determination of
whether Carol is trustworthy.  If she is, you will then trust the
signatures she has made.

You can end up with a chain of Alice->Bob->Carol->David, and determine
that you know David's key.  The only key you had to explicitly verify
was Alice's.  But you had to determine for yourself whether you choose to
trust Alice, Bob, and Carol, in order for this chain to confer validity
on David's key.
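The Alice->Bob->Carol->David chain, and the contrast with X.509-style delegation, as an added worked example (this is illustrative code written for this page, not PGP or any CA software): a toy keyring in which name-key validity is computed from signatures, while introducer trust is set only by the verifier and never inherited from a signature. The `Keyring` class, the names, and the default of two marginally trusted signatures standing in for one fully trusted one are all assumptions of the example.

```python
"""Toy model of PGP-style validity vs. trust (added example, not PGP code)."""

# Trust levels the verifier may assign to a key holder as an introducer.
FULL, MARGINAL, NONE = "full", "marginal", "none"


class Keyring:
    """Keys, certifying signatures, and the verifier's own trust decisions.

    Only the verifier's trust settings make a signature count; nothing in
    a signature itself grants the signer any authority to introduce others.
    """

    def __init__(self, marginals_needed=2):   # assumed default, see lead-in
        self.signatures = {}      # subject -> set of signers who certified it
        self.owner_trust = {}     # verifier's explicit trust in each signer
        self.verified = set()     # bindings the verifier checked out of band
        self.marginals_needed = marginals_needed

    def add_key(self, name):
        self.signatures.setdefault(name, set())

    def sign(self, signer, subject):
        """signer certifies that subject's key really belongs to subject."""
        self.add_key(signer)
        self.add_key(subject)
        self.signatures[subject].add(signer)

    def mark_verified(self, name):
        """The verifier personally confirmed this name-key binding."""
        self.add_key(name)
        self.verified.add(name)

    def set_owner_trust(self, name, level):
        """The verifier's own decision; never derived from anyone's signature."""
        if level not in (FULL, MARGINAL, NONE):
            raise ValueError(level)
        self.add_key(name)
        self.owner_trust[name] = level

    def valid_keys(self):
        """Fixpoint: a key is valid if verified directly, or if enough
        signatures from signers that are themselves valid AND trusted vouch
        for it.  A valid-but-untrusted signer contributes nothing."""
        valid = set(self.verified)
        changed = True
        while changed:
            changed = False
            for subject, signers in self.signatures.items():
                if subject in valid:
                    continue
                full = marginal = 0
                for s in signers:
                    if s not in valid:     # an unvalidated signer's key proves nothing
                        continue
                    level = self.owner_trust.get(s, NONE)
                    if level == FULL:
                        full += 1
                    elif level == MARGINAL:
                        marginal += 1
                if full >= 1 or marginal >= self.marginals_needed:
                    valid.add(subject)
                    changed = True
        return valid

    def is_valid(self, name):
        return name in self.valid_keys()


def chain_example():
    """Alice->Bob->Carol->David->Eve, granting trust one hop at a time."""
    kr = Keyring()
    kr.sign("alice", "bob")
    kr.sign("bob", "carol")
    kr.sign("carol", "david")
    kr.sign("david", "eve")
    kr.mark_verified("alice")            # the only key checked by hand
    kr.set_owner_trust("alice", FULL)
    stage1 = sorted(kr.valid_keys())     # bob is valid; carol is not
    kr.set_owner_trust("bob", FULL)
    stage2 = sorted(kr.valid_keys())     # carol joins
    kr.set_owner_trust("carol", FULL)
    stage3 = sorted(kr.valid_keys())     # david joins; eve never does
    return stage1, stage2, stage3


def x509_valid(trusted_roots, issuer_of, name):
    """X.509-style contrast: walk issuer links up to a trusted root.  Each
    intermediate's authority comes from its issuer, not from the verifier,
    so trusting the root alone is enough to accept the whole chain."""
    seen = set()
    while name not in trusted_roots:
        if name in seen or name not in issuer_of:
            return False
        seen.add(name)
        name = issuer_of[name]
    return True
```

In `chain_example`, David's key becomes valid only after Bob and Carol have each been marked trusted by the verifier, and Eve's key stays invalid even though David's is valid, because validity of David's key says nothing about whether David is trusted as an introducer. In `x509_valid`, the same four-hop chain is accepted as soon as the root is trusted, with no per-intermediate decision by the verifier.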

Trust models make a distinction between the question of whether a
certificate (name-key binding) is true and accurate, and the question of
whether a key holder is trusted to issue certificates (key signatures).
X.509 and PGP both distinguish these uses, although they do so in
slightly different ways.  In X.509, the certificate issuer (key signer)
decides whether to delegate trust.  In PGP, the verifier (end user)
decides which keys are trustworthy.

People unfamiliar with the issues of cryptographic trust models often
do not clearly distinguish these two concepts, which is unfortunate and
leads to much confusion.