Gossamer Spider Web of Trust (GSWoT)

An Innovative and Progressive Web of Trust

In a Nutshell...

The Gossamer Spider Web of Trust (GSWoT) is an increasingly popular and expanding web of trust within the global PGP web of trust. We share the same interests as other groups who support public key cryptography through advocacy and published practices.

The Gossamer Spider Web of Trust extends from its Web of Introducers, who are assurers for other web of trust products (like X.509 Digital ID's from CAcert and Thawte), Notaries Public (Canada and United States), persons responsible for authenticating identities within an organization or commercial enterprise, and enthusiasts identity assured through our internal process. You could become a GSIntroducer! See Become a GSIntroducer for more info.

The Web of Introducers affirm they will strictly adhere to our practice guidelines. If you see a GSIntroducer signature on a key, you can be reasonably certain the key belongs to the real identity named in the certificate.

To install the Gossamer Spider Web of Trust, import the Root Signing Key and set trust to a depth of two (2). This will validate the keys of the Web of Introducers and allow them to introduce keys (keys signed by Introducers will appear valid). The greater the path length you specify, the more the web of trust can work for you (ie, path length (certification depth) of three (3) will also allow a trusted introducer of a GSIntroducer to validate keys in your keyring).

Building and Extending a Web of Trust

The Gossamer Spider Web of Trust can act as a bridge between individuals and groups. Everyone can know exactly with whom they are corresponding and most importantly, that each other's public key is authentic. Your organization can extend the Web of Trust by requesting your top-level certificate be certified as an Introducer. This can validate the certificates you assure within your organization to persons outside your group who rely upon GSWoT certifications. Similarly, contacts made to your group can be easily authenticated when the sender has been certified within the Gossamer Spider Web of Trust.

The Gossamer Spider Web of Trust is primarily intended for non-commercial users. Our purpose includes increasing the population in the strong set of worldwide keys where that increase represents keys that have appreciated extensive validation. The strong set refers to keys where there is a direct certification path between any two keys in the set.

What Gossamer Spider is not:

  • affiliated with any not-for-profit or commercial Certification Authority

What Gossamer Spider is:

  • an organization of PGP enthusiasts who issue certifications directly, and bridge the certifications of compatible Certification Authorities into the PGP Web of Trust by advocating to and permitting the Web of Trust assurers of those institutions to introduce PGP keys
  • a world of people sharing a common interest in promoting good web of trust management and having fun doing it!

Registering a Signing Certificate

If you wish to register your personal PGP public key or your organization's signing key with the Web of Introducers, please begin by reading our Become a GSIntroducer page.

Third Party Relying Agreement

The Gossamer Spider Web of Introducers strive to issue objectively extensive certifications. Certification quality is to be regarded as "low assurance". Absolutely no warranty of any kind is implied by the certifications applied by the Gossamer Spider Web of Trust Root Signing Key or by the certifications of the Web of Introducers. Relying parties are urged to require additional certification for commerce, legal and mission critical applications.

GSWoT Root Signing Key

The GSWoT Root Signing Key is used to authenticate GSIntroducers ("assurers" who comprise our Web of Introducers). You can learn more about installing the Gossamer Spider Web of Trust in other sections of this site.

The Gossamer Spider Web of Trust Root Signing Key is a Digital Signature Standard 1024-bit key.

SHA-1 Fingerprint: 59F5 2214 8745 E548 7F41  4E1C 6BCB 9B4B 8875 FB7F

You should confirm the Fingerprint with a GSIntroducer you know and trust.