Willy's Web of Trust Analyses

What's a Web of Trust?

When you have a key, you need to be sure it belongs to the person you want to communicate with. If you've met them yourself, this is easy, you simply check the fingerprint that they gave you matches the fingerprint of the key you downloaded from a public keyserver. But if you've never met them, you'll have to rely on other people.

The OpenPGP standard allows anyone to place a certificate on a userid saying "This key belongs to this person". This is commonly referred to as "signing somebody's key". Each user can configure how many certificates a key needs in order to be trusted.

If you look at these links amongst a large group, they form a complex web of trust showing who has certified whose key as being valid. The better-connected a key is, the more likely it is that somebody will be able to trust that key.

Trend analysis

Several people run periodic analyses of the global web of trust which rank people according to how tightly they are connected. I have a trend analysis called Footsie that shows how the Web of Trust is changing over time.

Subset analyses

I run key analyses for various groups, producing their own personal Web of Trust and relating them to the global Web of Trust.

Geographical groups

Typically places I've lived or visited. Or just find interesting. I can do one for your area if you like, just ask.

Keysignings

When I go to keysignings, I like to keep track of who's signed who and an analysis is an easy way to do that.

Communities

Communities is just my way of saying "a bunch of people who are kind of related somehow". So far, it's mostly software projects, but if you want to send me the list of keyids for mothers of blue-eyed kleptomaniacs, I'll whip up an analysis of them.

Random other stuff