trust path lookup on server

David Shaw dshaw at jabberwocky.com
Tue Nov 29 05:41:51 CET 2005


On Sat, Nov 26, 2005 at 12:56:16AM +0100, Jaap Eldering wrote:
> Hi all,
> 
> I was wondering whether the following feature does exist within gpg
> or related programs: the possibility to check a signature via a
> (longer) trust path from my key to the signer's key.
> 
> I am no expert in the use of gpg, but from what I have seen, gpg does
> only download the signer's key from the keyserver and then use the
> local keyring to check for a trust path.
> 
> I have thought with some people about the concept of a server from
> which trust paths can be obtained. gpg itself can then verify this
> path and thus verify a trust path that is outside of one's keyring
> data. Is this a useful idea?

Yes, it is.  There are a few servers that do more or less what you
describe (for example http://www.lysator.liu.se/~jc/wotsap/).  It's
useful to see the various paths, but unless you trust each step in the
chain, it doesn't really help you get trust in the end point.

David



More information about the Gnupg-users mailing list