disjunct paths (was: Re: trust path lookup on server)
David Shaw
dshaw at jabberwocky.com
Wed Nov 30 19:42:17 CET 2005
On Wed, Nov 30, 2005 at 04:29:21PM +0100, Gregor Zattler wrote:
> Hi David,
> * David Shaw <dshaw at jabberwocky.com> [28. Nov. 2005]:
> > On Sat, Nov 26, 2005 at 12:56:16AM +0100, Jaap Eldering wrote:
> > Yes, it is. There are a few servers that do more or less what you
> > describe (for example http://www.lysator.liu.se/~jc/wotsap/). It's
> > useful to see the various paths, but unless you trust each step in the
> > chain, it doesn't really help you get trust in the end point.
>
> Doesn't it help if there are several disjunct paths? Couldn't I
> say I trust a User-Id if more than n disjunct paths of trust
> exist from my key to the other?

Yes, if you trust those disjunct paths :) A hundred disjunct paths
that you don't trust don't help much.

There is a notion of partial trust, where if you gather enough
partially trusted signatures then it equals full trust. You can tune
the trust calculations with the --marginals-needed and
--completes-needed options. By default, you need 3 marginally trusted
signatures or 1 completely trusted signature.

David
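
The counting rule described in the message above, as an added example that is not part of the original post and is not GnuPG's own code. It is a simplified model: the key names, the `build_paths` helper and the depth limit of 5 are assumptions made for illustration.

```python
# Simplified model of web-of-trust validity counting (illustrative, not GnuPG code).
MARGINAL, FULL, ULTIMATE = "marginal", "full", "ultimate"

def valid_keys(signatures, ownertrust, marginals_needed=3,
               completes_needed=1, max_depth=5):
    """Return the set of keys considered valid.

    signatures: signer -> set of keys that signer has certified
    ownertrust: key -> MARGINAL / FULL / ULTIMATE (absent means untrusted)
    """
    valid = {k for k, t in ownertrust.items() if t == ULTIMATE}
    for _ in range(max_depth):          # each pass extends paths by one hop
        marginals, completes = {}, {}
        for signer in valid:            # only signatures from valid keys count
            trust = ownertrust.get(signer)
            for target in signatures.get(signer, ()):
                if trust == ULTIMATE:   # your own signature is enough alone
                    completes[target] = completes.get(target, 0) + completes_needed
                elif trust == FULL:
                    completes[target] = completes.get(target, 0) + 1
                elif trust == MARGINAL:
                    marginals[target] = marginals.get(target, 0) + 1
                # untrusted signers contribute nothing, however many there are
        newly = {k for k in set(marginals) | set(completes)
                 if k not in valid
                 and (completes.get(k, 0) >= completes_needed
                      or marginals.get(k, 0) >= marginals_needed)}
        if not newly:
            break
        valid |= newly
    return valid

def build_paths(n, trust):
    """Constructed sample: n disjunct paths me -> intro_i -> target."""
    intros = [f"intro{i}" for i in range(n)]
    signatures = {"me": set(intros)}
    signatures.update({i: {"target"} for i in intros})
    ownertrust = {"me": ULTIMATE}
    if trust is not None:
        ownertrust.update({i: trust for i in intros})
    return signatures, ownertrust

def target_valid(n, trust, **options):
    return "target" in valid_keys(*build_paths(n, trust), **options)

if __name__ == "__main__":
    print("100 untrusted paths:", target_valid(100, None))
    print("3 marginal paths:   ", target_valid(3, MARGINAL))
    print("2 marginal paths:   ", target_valid(2, MARGINAL))
    print("1 full path:        ", target_valid(1, FULL))
```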