author Nikos Mavrogiannopoulos <nmav@gnutls.org> 2002-06-10 13:06:31 +0000
committer Nikos Mavrogiannopoulos <nmav@gnutls.org> 2002-06-10 13:06:31 +0000
commit d8c94401fee143318ff66e37ddd5136ec56a6f2b
tree a01ea5546eb0c2441e1b828996935be3aa0f1632
parent 5e03e3d3430431dd989fbd570e76f682f636c1f6
Added Timo's openpgp guide
-rw-r--r-- doc/tex/Makefile.am 4
-rw-r--r-- doc/tex/auth.tex 26
-rw-r--r-- doc/tex/gnutls.tex 37
-rw-r--r-- doc/tex/intro.tex 35
-rw-r--r-- doc/tex/openpgp.tex 78
-rw-r--r-- doc/tex/pgp-fig1.eps 479
6 files changed, 606 insertions, 53 deletions
diff --git a/doc/tex/Makefile.am b/doc/tex/Makefile.am
index 4ee7a3485d..432279de51 100644
--- a/doc/tex/Makefile.am
+++ b/doc/tex/Makefile.am
@@ -1,12 +1,12 @@
EXTRA_DIST = gnutls.tex gnutls.ps \
ex1.tex ex2.tex ex3.tex srp1.tex serv1.tex ex4.tex \
- fdl.tex cover.tex.in gnutls-logo.ps layers.ps
+ fdl.tex cover.tex.in gnutls-logo.ps layers.ps pgp-fix1.eps
TEX_OBJECTS = gnutls.tex ../../lib/gnutls-api.tex serv1.tex ex1.tex ex2.tex ex3.tex fdl.tex \
macros.tex cover.tex ciphersuites.tex handshake.tex translayer.tex \
auth.tex ciphers.tex errors.tex layers.tex alert.tex record.tex \
funcs.tex examples.tex ex4.tex ../../libextra/gnutls-extra-api.tex \
- memory.tex
+ memory.tex intro.tex openpgp.tex
gnutls.html: $(TEX_OBJECTS)
-latex2html gnutls.tex -no_navigation -no_subdir 1 -split 0 \
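Review bot: The new EXTRA_DIST entry reads "pgp-fix1.eps", but the file this commit adds, and the one openpgp.tex includes via \includegraphics{pgp-fig1}, is doc/tex/pgp-fig1.eps. As written, the list names a file that does not exist and the real figure is left out of the distribution; change the entry to pgp-fig1.eps. The figure is also not listed in TEX_OBJECTS next to openpgp.tex, so editing it will not trigger a rebuild of the gnutls.html target shown here.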
diff --git a/doc/tex/auth.tex b/doc/tex/auth.tex
index 11536d0276..8e6375b1af 100644
--- a/doc/tex/auth.tex
+++ b/doc/tex/auth.tex
@@ -1,4 +1,4 @@
-\section{Authentication methods}
+\chapter{Authentication methods}
\par
The following authentication schemas are supported in \gnutls:
\begin{enumerate}
@@ -7,7 +7,7 @@ The following authentication schemas are supported in \gnutls:
\item SRP authentication
\end{enumerate}
-\subsection{Authentication using X.509 certificates}
+\section{Authentication using X.509 certificates}
This authentication method is part of the certificate authentication
method in \gnutls{}.
The X.509 protocols rely on a hierarchical trust model. In this trust model
@@ -56,22 +56,16 @@ parameters which are send to the peer.
\end{figure}
-\subsection{Authentication using OpenPGP keys}
+\section{Authentication using OpenPGP keys}
This authentication method is part of the certificate authentication
-method in \gnutls{}.
-OpenPGP authentication relies on a distributed trust model, called the "web
-of trust". The "web of trust" uses a decentralized system of trusted
-introducers, which are the same as a CA. OpenPGP allows anyone to sign
-anyone's else public key. When Alice signs Bob's key, she is introducing
-Bob's key to anyone who trusts Alice. If someone trusts Alice to introduce
-keys, then Alice is a trusted introducer in the mind of that observer.
-\par
-
-The key exchange methods shown in \hyperref{figure}{figure }{}{fig:cert} are
+method in \gnutls{}. All the key exchange methods shown in \hyperref{figure}{figure }{}{fig:cert} are
available in OpenPGP authentication.
+\input{openpgp}
+
+
-\subsection{Anonymous authentication}
+\section{Anonymous authentication}
The anonymous key exchange perform encryption but there is no indication of the
identity of the peer. This kind of authentication is vulnerable to man in the middle attack,
but this protocol can be used even if there is no prior communication or common trusted
@@ -92,7 +86,7 @@ ANON\_DH & This algorithm exchanges Diffie Hellman parameters.
\end{figure}
-\subsection{Authentication using SRP}
+\section{Authentication using SRP}
Authentication using the SRP\footnote{SRP stands for Secure Password Protocol and
is described in RFC2945. The SRP key exchange is not a part of the \tlsI{} protocol}
is actually password authentication, since the two peers are identified by the knowledge of a password.
@@ -129,7 +123,7 @@ SRP & Authentication using the SRP protocol.
\end{figure}
-\subsubsection{The included ``srpcrypt'' program}
+\subsection{The included ``srpcrypt'' program}
The ``gnutls-srpcrypt'' is a very simple program that emulates the programs in the libsrp
found in \htmladdnormallink{http://srp.stanford.edu}{http://srp.stanford.edu}.
It is intended for use in places where you don't expect srp
diff --git a/doc/tex/gnutls.tex b/doc/tex/gnutls.tex
index 9d299d41fd..891a43fb01 100644
--- a/doc/tex/gnutls.tex
+++ b/doc/tex/gnutls.tex
@@ -21,41 +21,8 @@
\fancyfoot[C]{\thepage}
\chapter{The Library}
-\section{Introduction}
-\par
-\gnutls{} is a portable library which implements the \tlsI{} and
-\sslIII{} protocols.
-\tls{} stands for 'Transport Layer Security' and is the sucessor of \ssl{},
-the Secure Sockets Layer protocol designed by Netscape.
-
-\tlsI{}\footnote{described in {\it RFC 2246}} is an Internet protocol,
-defined by {IETF}\footnote{IETF or Internet Engineering Task Force
-is a large open international community of network
-designers, operators, vendors, and researchers concerned with the evolution of
-the Internet architecture and the smooth operation of the Internet. It is open to any interested individual.},
-that provides confidentiality, and authentication layers over any reliable
-transport layer.
-
-\par
-\gnutls{} implements the above
-protocols in a reentrant way. This allows multiple threads of
-execution, without the need for critical sections and locks. See
-\htmladdnormallink{http://www.gnutls.org/}{http://www.gnutls.org/}
-and \htmladdnormallink{http://www.gnu.org/software/gnutls/}{http://www.gnu.org/software/gnutls/}
-for updated versions of the \gnutls{} software and this document.
-
-\par
-Currently \gnutls{} implements:
-\begin{itemize}
- \item the \tlsI{} and \sslIII{} protocols, without any weak algorithms\footnote{
-There are ciphersuites in \tlsI{} that are considered weak. These
-ciphersuites are deliberately weak in order to be able to export encryption
-software from some countries.}
- \item {\bf X.509} Public Key Infrastructure.
- \item {\bf OpenPGP} Public Key Infrastructure.
- \item {\bf SRP} for \tls{} authentication.
- \item \tls{} {\bf Extension mechanism}.
-\end{itemize}
+
+\input{intro}
\input{layers}
diff --git a/doc/tex/intro.tex b/doc/tex/intro.tex
new file mode 100644
index 0000000000..2c5363560c
--- /dev/null
+++ b/doc/tex/intro.tex
@@ -0,0 +1,35 @@
+\section{Introduction}
+\par
+\gnutls{} is a portable library which implements the \tlsI{} and
+\sslIII{} protocols.
+\tls{} stands for 'Transport Layer Security' and is the sucessor of \ssl{},
+the Secure Sockets Layer protocol designed by Netscape.
+
+\tlsI{}\footnote{described in {\it RFC 2246}} is an Internet protocol,
+defined by {IETF}\footnote{IETF or Internet Engineering Task Force
+is a large open international community of network
+designers, operators, vendors, and researchers concerned with the evolution of
+the Internet architecture and the smooth operation of the Internet. It is open to any interested individual.},
+that provides confidentiality, and authentication layers over any reliable
+transport layer.
+
+\par
+\gnutls{} implements the above
+protocols in a reentrant way. This allows multiple threads of
+execution, without the need for critical sections and locks. See
+\htmladdnormallink{http://www.gnutls.org/}{http://www.gnutls.org/}
+and \htmladdnormallink{http://www.gnu.org/software/gnutls/}{http://www.gnu.org/software/gnutls/}
+for updated versions of the \gnutls{} software and this document.
+
+\par
+Currently \gnutls{} implements:
+\begin{itemize}
+ \item the \tlsI{} and \sslIII{} protocols, without any weak algorithms\footnote{
+There are ciphersuites in \tlsI{} that are considered weak. These
+ciphersuites are deliberately weak in order to be able to export encryption
+software from some countries.}
+ \item {\bf X.509} Public Key Infrastructure.
+ \item {\bf OpenPGP} Public Key Infrastructure.
+ \item {\bf SRP} for \tls{} authentication.
+ \item \tls{} {\bf Extension mechanism}.
+\end{itemize}
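Review bot: "sucessor" is misspelled in the line "\tls{} stands for 'Transport Layer Security' and is the sucessor of \ssl{}", and since this text is being moved out of gnutls.tex anyway, this is the place to fix it, along with the stray comma in "provides confidentiality, and authentication layers". The claim "without any weak algorithms" is qualified only by a footnote about export ciphersuites; stating directly in the item that the export ciphersuites are the ones left out would make the scope of the claim clear to readers who skip the footnote.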
diff --git a/doc/tex/openpgp.tex b/doc/tex/openpgp.tex
new file mode 100644
index 0000000000..e423f43c52
--- /dev/null
+++ b/doc/tex/openpgp.tex
@@ -0,0 +1,78 @@
+\subsection{The OpenPGP trust model in \gnutls{}}
+\label{sec:pgp}
+
+\subsubsection{The OpenPGP trust model}
+
+The OpenPGP key authentication relies on a distributed trust model, called
+the "web of trust". The "web of trust" uses a decentralized system of
+trusted introducers, which are the same as a CA. OpenPGP allows anyone to
+sign anyone's else public key. When Alice signs Bob's key, she is introducing
+Bob's key to anyone who trusts Alice. If someone trusts Alice to introduce
+keys, then Alice is a trusted introducer in the mind of that observer.
+
+\begin{figure}[hbtp]
+\includegraphics[height=7cm,width=10cm]{pgp-fig1}
+\label{fig:pgp1}
+\end{figure}
+
+For example: If David trusts Alice to be an introducer, and Alice signed
+Bob's key, Dave also trusts Bob's key to be the real one.
+
+There are some key points that are important in that model. In the example
+Alice has to sign Bob's key, only if she is sure that the key belongs
+to Bob. Otherwise she may also make Dave falsely believe that this
+is Bob's key. Dave has also the responsibility to know who to trust.
+This model is similar to real life relations.
+
+Just see how Charlie behaves in the previous example. Although he has
+signed Bob's key - because he knows, somehow, that it belongs to Bob -
+he does not trust Bob to be an introducer. Charlie decided to trust only
+Kevin, for some reason. A reason could be that Bob is lazy enough, and
+signs other people's keys without being sure that they belong to the
+actual owner.
+
+
+\subsubsection{GnuTLS functions}
+
+First we've to differ between owerntrust and validity. Sometimes trust
+and validity is used as a synonym but this is not correct.
+\par
+The ownertrust describes how trustworthy the signature of a special
+key owner is. Even if we've three or more signatures to make a key valid,
+it's possible that we don't trust the owner at all and thus we don't trust
+the signature he made. There are different ownertrust levels:
+\begin{enumerate}
+\item Don't know
+\item I do NOT trust
+\item I trust marginally
+\item I trust fully
+\item I trust ulitmately.
+\end{enumerate}
+
+For example we need three marginal trusted signature to make a key
+valid or one full trusted signature. The ultimate trust is only used
+when we are the owner of a key and we also have the secret key.
+\par
+In the case we don't trust the owner, those signatures are skipped
+for the web of trust calculation.
+\par
+All checks in GnuTLS are done in \printfunc{gnutls_openpgp_verify_key}{gnutls\_openpgp\_verify\_key}.
+If a trustdb is available, this is the file which contains all information about the
+key owner (ownertrust), additional checks are performed.
+\\
+First we get the trustdb entry to see if the key is not disabled because
+those keys shouldn't be used at all. Another possible case is that we
+don't trust the key, which means we don't need to perform further checks.
+\par
+If the ownertrust is at least marginal we continue to check all signatures
+the key contains to get the validity of the key. It is likely that the
+public keyring does not contain all needed keys to check all signatures.
+When a signature could not be checked due to a missing key, the function
+tries the next signature. When NO public key is available, the function
+checks at least the self signature which must be valid in any case because
+it was created by the key itself.
+\\
+Validity means if the signatures on the key are valid and the key was not
+changed by somebody or corrupted during transport.
+
+
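Review bot: The paragraph on gnutls_openpgp_verify_key ending "checks at least the self signature which must be valid in any case" does not say what the function reports to the caller when only the self signature could be checked. A valid self signature shows the key is intact but says nothing about who owns it, so the text should state which result an application sees in that case and in the "key disabled" and "don't trust the key" cases, so callers do not treat a self-signed-only key as authenticated. Smaller points in the same hunk: the figure has a \label{fig:pgp1} but no \caption, so a reference to it will not resolve to a figure number; the example switches between "David" and "Dave"; "owerntrust" and "ulitmately" are misspelled; and "trusted introducers, which are the same as a CA" would read more accurately as playing the role a CA plays in X.509.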
diff --git a/doc/tex/pgp-fig1.eps b/doc/tex/pgp-fig1.eps
new file mode 100644
index 0000000000..b87015321d
--- /dev/null
+++ b/doc/tex/pgp-fig1.eps
@@ -0,0 +1,479 @@
+%!PS-Adobe-2.0 EPSF-2.0
+%%Title: /usr/home/nmav/pgp1
+%%Creator: Dia v0.88.1
+%%CreationDate: Mon Jun 10 15:51:40 2002
+%%For: nmav
+%%Magnification: 1.0000
+%%Orientation: Portrait
+%%BoundingBox: 0 0 535 433
+%%Pages: 1
+%%BeginSetup
+%%EndSetup
+%%EndComments
+%%BeginProlog
+[ /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/.notdef /.notdef /space /exclam /quotedbl /numbersign /dollar /percent /ampersand /quoteright
+/parenleft /parenright /asterisk /plus /comma /hyphen /period /slash /zero /one
+/two /three /four /five /six /seven /eight /nine /colon /semicolon
+/less /equal /greater /question /at /A /B /C /D /E
+/F /G /H /I /J /K /L /M /N /O
+/P /Q /R /S /T /U /V /W /X /Y
+/Z /bracketleft /backslash /bracketright /asciicircum /underscore /quoteleft /a /b /c
+/d /e /f /g /h /i /j /k /l /m
+/n /o /p /q /r /s /t /u /v /w
+/x /y /z /braceleft /bar /braceright /asciitilde /.notdef /.notdef /.notdef
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/space /exclamdown /cent /sterling /currency /yen /brokenbar /section /dieresis /copyright
+/ordfeminine /guillemotleft /logicalnot /hyphen /registered /macron /degree /plusminus /twosuperior /threesuperior
+/acute /mu /paragraph /periodcentered /cedilla /onesuperior /ordmasculine /guillemotright /onequarter /onehalf
+/threequarters /questiondown /Agrave /Aacute /Acircumflex /Atilde /Adieresis /Aring /AE /Ccedilla
+/Egrave /Eacute /Ecircumflex /Edieresis /Igrave /Iacute /Icircumflex /Idieresis /Eth /Ntilde
+/Ograve /Oacute /Ocircumflex /Otilde /Odieresis /multiply /Oslash /Ugrave /Uacute /Ucircumflex
+/Udieresis /Yacute /Thorn /germandbls /agrave /aacute /acircumflex /atilde /adieresis /aring
+/ae /ccedilla /egrave /eacute /ecircumflex /edieresis /igrave /iacute /icircumflex /idieresis
+/eth /ntilde /ograve /oacute /ocircumflex /otilde /odieresis /divide /oslash /ugrave
+/uacute /ucircumflex /udieresis /yacute /thorn /ydieresis] /isolatin1encoding exch def
+/Times-Roman-latin1
+ /Times-Roman findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/Times-Italic-latin1
+ /Times-Italic findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/Times-Bold-latin1
+ /Times-Bold findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/Times-BoldItalic-latin1
+ /Times-BoldItalic findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/AvantGarde-Book-latin1
+ /AvantGarde-Book findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/AvantGarde-BookOblique-latin1
+ /AvantGarde-BookOblique findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/AvantGarde-Demi-latin1
+ /AvantGarde-Demi findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/AvantGarde-DemiOblique-latin1
+ /AvantGarde-DemiOblique findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/Bookman-Light-latin1
+ /Bookman-Light findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/Bookman-LightItalic-latin1
+ /Bookman-LightItalic findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/Bookman-Demi-latin1
+ /Bookman-Demi findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/Bookman-DemiItalic-latin1
+ /Bookman-DemiItalic findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/Courier-latin1
+ /Courier findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/Courier-Oblique-latin1
+ /Courier-Oblique findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/Courier-Bold-latin1
+ /Courier-Bold findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/Courier-BoldOblique-latin1
+ /Courier-BoldOblique findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/Helvetica-latin1
+ /Helvetica findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/Helvetica-Oblique-latin1
+ /Helvetica-Oblique findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/Helvetica-Bold-latin1
+ /Helvetica-Bold findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/Helvetica-BoldOblique-latin1
+ /Helvetica-BoldOblique findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/Helvetica-Narrow-latin1
+ /Helvetica-Narrow findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/Helvetica-Narrow-Oblique-latin1
+ /Helvetica-Narrow-Oblique findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/Helvetica-Narrow-Bold-latin1
+ /Helvetica-Narrow-Bold findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/Helvetica-Narrow-BoldOblique-latin1
+ /Helvetica-Narrow-BoldOblique findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/NewCenturySchoolbook-Roman-latin1
+ /NewCenturySchoolbook-Roman findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/NewCenturySchoolbook-Italic-latin1
+ /NewCenturySchoolbook-Italic findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/NewCenturySchoolbook-Bold-latin1
+ /NewCenturySchoolbook-Bold findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/NewCenturySchoolbook-BoldItalic-latin1
+ /NewCenturySchoolbook-BoldItalic findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/Palatino-Roman-latin1
+ /Palatino-Roman findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/Palatino-Italic-latin1
+ /Palatino-Italic findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/Palatino-Bold-latin1
+ /Palatino-Bold findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/Palatino-BoldItalic-latin1
+ /Palatino-BoldItalic findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/Symbol-latin1
+ /Symbol findfont
+definefont pop
+/ZapfChancery-MediumItalic-latin1
+ /ZapfChancery-MediumItalic findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/ZapfDingbats-latin1
+ /ZapfDingbats findfont
+ dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding isolatin1encoding def
+ currentdict end
+definefont pop
+/cp {closepath} bind def
+/c {curveto} bind def
+/f {fill} bind def
+/a {arc} bind def
+/ef {eofill} bind def
+/ex {exch} bind def
+/gr {grestore} bind def
+/gs {gsave} bind def
+/sa {save} bind def
+/rs {restore} bind def
+/l {lineto} bind def
+/m {moveto} bind def
+/rm {rmoveto} bind def
+/n {newpath} bind def
+/s {stroke} bind def
+/sh {show} bind def
+/slc {setlinecap} bind def
+/slj {setlinejoin} bind def
+/slw {setlinewidth} bind def
+/srgb {setrgbcolor} bind def
+/rot {rotate} bind def
+/sc {scale} bind def
+/sd {setdash} bind def
+/ff {findfont} bind def
+/sf {setfont} bind def
+/scf {scalefont} bind def
+/sw {stringwidth pop} bind def
+/tr {translate} bind def
+
+/ellipsedict 8 dict def
+ellipsedict /mtrx matrix put
+/ellipse
+{ ellipsedict begin
+ /endangle exch def
+ /startangle exch def
+ /yrad exch def
+ /xrad exch def
+ /y exch def
+ /x exch def /savematrix mtrx currentmatrix def
+ x y tr xrad yrad sc
+ 0 0 1 startangle endangle arc
+ savematrix setmatrix
+ end
+} def
+
+/mergeprocs {
+dup length
+3 -1 roll
+dup
+length
+dup
+5 1 roll
+3 -1 roll
+add
+array cvx
+dup
+3 -1 roll
+0 exch
+putinterval
+dup
+4 2 roll
+putinterval
+} bind def
+28.346000 -28.346000 scale
+0.024000 -15.632857 translate
+%%EndProlog
+
+
+0.100000 slw
+[] 0 sd
+1.000000 1.000000 1.000000 srgb
+n 5.912000 4.250000 2.512000 1.000000 0 360 ellipse f
+0.000000 0.000000 0.000000 srgb
+n 5.912000 4.250000 2.512000 1.000000 0 360 ellipse cp s
+/Courier-Bold-latin1 ff 0.800000 scf sf
+(Alice) dup sw 2 div 5.912000 ex sub 4.455220 m gs 1 -1 sc sh gr
+0.100000 slw
+[] 0 sd
+1.000000 1.000000 1.000000 srgb
+n 3.604400 11.000000 1.654400 1.000000 0 360 ellipse f
+0.000000 0.000000 0.000000 srgb
+n 3.604400 11.000000 1.654400 1.000000 0 360 ellipse cp s
+/Courier-Bold-latin1 ff 0.800000 scf sf
+(Bob) dup sw 2 div 3.604400 ex sub 11.205200 m gs 1 -1 sc sh gr
+0.100000 slw
+0 slc
+[] 0 sd
+n 4.135750 4.957110 m 3.604400 10.000000 l s
+0 slj
+n 4.300545 5.778902 m 4.135750 4.957110 l 3.803297 5.726509 l f
+/Helvetica-latin1 ff 0.800000 scf sf
+0.100000 slw
+0 slc
+[] 0 sd
+n 4.774240 10.292900 m 5.912000 5.250000 l s
+0 slj
+n 4.706437 9.457494 m 4.774240 10.292900 l 5.194178 9.567536 l f
+/Helvetica-latin1 ff 0.800000 scf sf
+0.100000 slw
+[] 0 sd
+1.000000 1.000000 1.000000 srgb
+n 11.089200 7.450000 2.139200 1.000000 0 360 ellipse f
+0.000000 0.000000 0.000000 srgb
+n 11.089200 7.450000 2.139200 1.000000 0 360 ellipse cp s
+/Courier-Bold-latin1 ff 0.800000 scf sf
+(Dave) dup sw 2 div 11.089200 ex sub 7.655220 m gs 1 -1 sc sh gr
+0.100000 slw
+[] 0 sd
+[] 0 sd
+0 slc
+0 slj
+0 slc
+0 slj
+[] 0 sd
+n 0.500000 0.900000 m 18.300000 0.900000 l s
+0 slc
+0 slj
+[] 0 sd
+n 0.500000 13.550000 m 18.300000 13.550000 l s
+0 slc
+0 slj
+[] 0 sd
+n 0.500000 0.900000 m 0.500000 13.550000 l s
+0 slc
+0 slj
+[] 0 sd
+n 18.300000 0.900000 m 18.300000 13.550000 l s
+/Courier-latin1 ff 0.800000 scf sf
+(An example of the) dup sw 2 div 9.250000 ex sub 14.650000 m gs 1 -1 sc sh gr
+( web of trust model) dup sw 2 div 9.250000 ex sub 15.450000 m gs 1 -1 sc sh gr
+0.100000 slw
+0 slc
+[] 0 sd
+n 7.688250 4.957110 m 9.576560 6.742890 l s
+0 slj
+n 8.441272 5.325156 m 7.688250 4.957110 l 8.097719 5.688434 l f
+/Helvetica-latin1 ff 0.800000 scf sf
+0.100000 slw
+[] 0 sd
+[0.400000] 0 sd
+0 slc
+n 11.089200 6.450000 m 8.424000 4.250000 l s
+0.100000 slw
+[] 0 sd
+0 slj
+0 slc
+n 9.200109 4.566473 m 8.424000 4.250000 l 8.881813 4.952073 l s
+/Courier-latin1 ff 0.800000 scf sf
+({Trust}) 9.756600 5.350000 m gs 1 -1 sc sh gr
+0.100000 slw
+[] 0 sd
+1.000000 1.000000 1.000000 srgb
+n 13.796800 11.300000 2.996800 1.000000 0 360 ellipse f
+0.000000 0.000000 0.000000 srgb
+n 13.796800 11.300000 2.996800 1.000000 0 360 ellipse cp s
+/Courier-Bold-latin1 ff 0.800000 scf sf
+(Charlie) dup sw 2 div 13.796800 ex sub 11.505200 m gs 1 -1 sc sh gr
+0.100000 slw
+[] 0 sd
+1.000000 1.000000 1.000000 srgb
+n 14.162000 3.200000 2.512000 1.000000 0 360 ellipse f
+0.000000 0.000000 0.000000 srgb
+n 14.162000 3.200000 2.512000 1.000000 0 360 ellipse cp s
+/Courier-Bold-latin1 ff 0.800000 scf sf
+(Kevin) dup sw 2 div 14.162000 ex sub 3.405220 m gs 1 -1 sc sh gr
+0.100000 slw
+0 slc
+[] 0 sd
+n 12.601800 6.742890 m 14.162000 4.200000 l s
+0 slj
+n 12.807084 5.930265 m 12.601800 6.742890 l 13.233261 6.191748 l f
+/Helvetica-latin1 ff 0.800000 scf sf
+0.100000 slw
+[] 0 sd
+[0.400000] 0 sd
+0 slc
+n 13.796800 10.300000 m 15.938300 3.907110 l s
+0.100000 slw
+[] 0 sd
+0 slj
+0 slc
+n 15.921246 4.745089 m 15.938300 3.907110 l 15.447139 4.586272 l s
+/Courier-latin1 ff 0.800000 scf sf
+({Trust}) 14.867500 7.103550 m gs 1 -1 sc sh gr
+0.100000 slw
+0 slc
+[] 0 sd
+n 5.258800 11.000000 m 10.800000 11.300000 l s
+0 slj
+n 6.071145 10.793614 m 5.258800 11.000000 l 6.044115 11.292883 l f
+/Helvetica-latin1 ff 0.800000 scf sf
+0.100000 slw
+0 slc
+[] 0 sd
+n 15.938300 3.907110 m 15.915900 10.592900 l s
+0 slj
+n 16.185618 4.707943 m 15.938300 3.907110 l 15.685621 4.706268 l f
+/Helvetica-latin1 ff 0.800000 scf sf
+showpage
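Review bot: The header line "%%Title: /usr/home/nmav/pgp1" records a local home-directory path, and the file is generated output ("%%Creator: Dia v0.88.1") committed without the Dia source, so the figure cannot be regenerated or edited from the tree. Consider committing the .dia file alongside it and replacing the title with a neutral one. The drawing uses solid arrows plus dashed arrows labelled "{Trust}" between Alice, Bob, Dave, Charlie and Kevin, but nothing in the figure says that the solid arrows are key signatures; a short legend, or a \caption in openpgp.tex, would let the diagram be read without the surrounding text. Most of the 479 lines are the prolog re-encoding every standard font, while the drawing itself only selects Courier, Courier-Bold and Helvetica.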