Josef Spillner's OpenPGP page

Web of Trust


Let's start with the simplest web of trust:

[Image: web of trust: self signature]

This is me. The image shows a self signature, so I trust myself. Whenever a new OpenPGP key is generated, it should be self-signed.

[Images: web of trust: signatures (old), left; web of trust: signatures, right]

The graphs on the left were generated after LinuxTag Magdeburg in April 2003, whereas the ones on the right were done after LinuxTag Karlsruhe in July 2003. The difference should be noticeable.

The image above displays my key and all those that trust me (signed me). About 130 people have already signed my key. However, not all of them signed all of my user IDs, mostly because I had only one of them at the beginning. Hence it would be possible to generate graphs of sub-webs of trust for each of the 4 user IDs.

[Images: web of trust: all signatures (old), left; web of trust: all signatures, right]

Now all the trust among the people is included as well. This is a bit more complicated, and not linear anymore. Some people, especially at the bottom, are very closely integrated into the web, whereas some others only have one relation (only to me).

[Image: web of trust: global signatures]

Finally, all the people who have signed those who signed me are also included. This represents the first indirect level of trust, and thus I don't even know most of these people, and don't have their names associated with their keys. More than 1000 keys belong to this enlarged web of indirect trust. It is estimated that several 10000 keys are located around it, building one or more global webs of trust.

Some words about the calculation. Using an Athlon XP 2000+, it takes a significant amount of time to generate these images. As one can see in the table, both memory requirements and run time grow exponentially. These calculations were done for the first set of images (in April 2003) and would take even longer now.

Method                          Size of dots file (Bytes)   Memory needed (MB)   Run time (seconds)
Self signature                  230                         0.5                  1
My sigs                         11782                       6                    18
All sigs                        31671                       10                   147
All sigs (and their selfsigs)   32990                       10                   155
All sigs and their sigs         1752127                     244                  8240


To generate the data, you need to patch sig2dot a bit. Look here for patches, and ask me if you don't understand them.
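As an added illustration (not sig2dot and not code from this page), the Python sketch below selects the edge sets behind the graphs described above, including a sub-web for a single user ID, from a key listing in GnuPG's colon format (`gpg --list-sigs --with-colons`). The sample listing, key IDs, names and function names are constructed for the example.

```python
# Constructed sample in the style of `gpg --list-sigs --with-colons`;
# key IDs, names and dates are made up for this example.
SAMPLE = """\
pub:u:1024:17:00000000000000A1:2003-01-01:::u:::scESC:
uid:u::::2003-01-01::::Alice <alice@example.org>:
sig:::17:00000000000000A1:2003-01-01::::Alice:13x:
sig:::17:00000000000000B2:2003-04-20::::Bob:10x:
sig:::17:00000000000000C3:2003-04-20::::Carol:10x:
uid:u::::2003-06-01::::Alice <alice@example.net>:
sig:::17:00000000000000A1:2003-06-01::::Alice:13x:
sig:::17:00000000000000B2:2003-07-12::::Bob:10x:
pub:f:1024:17:00000000000000B2:2002-05-05:::-:::scESC:
uid:f::::2002-05-05::::Bob <bob@example.org>:
sig:::17:00000000000000B2:2002-05-05::::Bob:13x:
sig:::17:00000000000000C3:2003-04-20::::Carol:10x:
sig:::17:00000000000000D4:2002-09-09::::Dave:10x:
"""

def parse_sigs(listing):
    """Return (signer, signed_key, signed_uid) triples from colon-format output."""
    triples, key, uid = [], None, None
    for line in listing.splitlines():
        f = line.split(":")  # gpg escapes ':' inside user IDs, so split is safe
        if f[0] == "pub":
            key, uid = f[4], None
        elif f[0] == "uid":
            uid = f[9]
        elif f[0] == "sig" and key and uid:
            triples.append((f[4], key, uid))
    return triples

def web(triples, me, level, uid=None):
    """Edges (signer, key) for the page's graphs: 'self', 'my', 'all', 'global'."""
    if uid is not None:  # sub-web for one user ID of `me`
        triples = [t for t in triples if t[1] != me or t[2] == uid]
    edges = {(s, k) for s, k, _ in triples}
    if level == "self":
        return edges & {(me, me)}
    edges = {e for e in edges if e[0] != e[1]}  # drop self-signatures
    near = {s for s, k in edges if k == me} | {me}
    if level == "my":
        return {e for e in edges if e[1] == me}
    if level == "all":
        return {e for e in edges if e[0] in near and e[1] in near}
    return {e for e in edges if e[1] in near}  # 'global': first indirect level

def to_dot(edges):
    body = [f'  "{s}" -> "{k}";' for s, k in sorted(edges)]
    return "\n".join(["digraph wot {"] + body + ["}"])
```

The string returned by `to_dot` is a Graphviz input file; the size of the edge set at each level is what drives the file sizes and run times in the table.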



Created: 22.04.2003
Last change: 29.07.2003