The scenario describes a decentralized cryptographic trust model where each user maintains a ring or database of public keys, and communications are encrypted using the recipient’s public key. This aligns precisely with the Web of Trust (WOT) model.
According to the CEH v13 Official Courseware:
Web of Trust (WOT) is a decentralized trust model used primarily in PGP (Pretty Good Privacy) environments.
In WOT:
Each user maintains a local keyring of trusted public keys.
There is no central Certificate Authority (CA).
Trust is built based on mutual verification and endorsement of public keys among users.
It uses asymmetric cryptography: messages are encrypted using the receiver's public key and decrypted using the corresponding private key.
This model provides authentication (via digital signatures) and message integrity (via cryptographic hash functions).
Incorrect Options:
A. Zero Trust Network is a security architecture that enforces strict access control but is not a cryptographic trust model.
B. TLS (Transport Layer Security) is a protocol for securing data in transit, commonly used in HTTPS, and relies on the PKI trust model (not WOT).
C. SSL (Secure Socket Layer) is an outdated version of TLS, also based on centralized certificate authorities.
Reference – CEH v13 Official Courseware:
Module 20: Cryptography
Section: “Public Key Infrastructure (PKI) and Trust Models”
Subsection: “Web of Trust (WOT) Model”
Study Guide Table: Comparison of Trust Models – PKI vs WOT vs Hybrid
Lab references in CEH Engage may also cover key signing and verifying concepts in decentralized environments.
