<P> The scheme is flexible, unlike most public key infrastructure designs, and leaves trust decisions in the hands of individual users . It is not perfect and requires both caution and intelligent supervision by users . Essentially all PKI designs are less flexible and require users to follow the trust endorsement of the PKI generated, certificate authority (CA) - signed, certificates . </P> <P> There are two keys pertaining to a person: a public key which is shared openly and a private key that is withheld by the owner . The owner's private key will decrypt any information encrypted with its public key . In the web of trust, each user has a ring with a group of people's public keys . </P> <P> Users encrypt their information with the recipient's public key, and only the recipient's private key will decrypt it . Each user then digitally signs the information with their private key, so when the recipient verifies it against the users own public key, they can confirm that it is the user in question . Doing this will ensure that the information came from the specific user and has not been tampered with, and only the intended recipient can read the information (because only they know their private key). </P> <P> In contrast, a typical X. 509 PKI permits each certificate to be signed only by a single party: a certificate authority (CA). The CA's certificate may itself be signed by a different CA, all the way up to a' self - signed' root certificate . Root certificates must be available to those who use a lower level CA certificate and so are typically distributed widely . They are for instance, distributed with such applications as browsers and email clients . In this way SSL / TLS - protected Web pages, email messages, etc. can be authenticated without requiring users to manually install root certificates . Applications commonly include over one hundred root certificates from dozens of PKIs, thus by default bestowing trust throughout the hierarchy of certificates which lead back to them . </P>

Benefits of the trust system of the internet