disjunct paths
Gregor Zattler
telegraph at gmx.net
Wed Nov 30 20:11:44 CET 2005
Hi David,
* David Shaw <dshaw at jabberwocky.com> [30. Nov. 2005]:
> On Wed, Nov 30, 2005 at 04:29:21PM +0100, Gregor Zattler wrote:
> > Hi David,
> > * David Shaw <dshaw at jabberwocky.com> [28. Nov. 2005]:
> > > On Sat, Nov 26, 2005 at 12:56:16AM +0100, Jaap Eldering wrote:
> > > Yes, it is. There are a few servers that do more or less what you
> > > describe (for example http://www.lysator.liu.se/~jc/wotsap/). It's
> > > useful to see the various paths, but unless you trust each step in the
> > > chain, it doesn't really help you get trust in the end point.
> >
> > Doesn't it help if there are several disjunct paths? Couldn't I
> > say I trust a User-Id if more than n discunct paths of trust
> > exist from my key to the other?
>
> Yes, if you trust those disjunct paths :) A hundred disjunct paths
> that you don't trust don't help much.
Why not? The disjunct paths from my key to the target key
all start with keys signed by me. So all owners of this said
keys must be part of an conspiracy. If I met the different key
owners in different contextes this isn't very likely to happen.
> There is a notion of partial trust, where if you gather enough
> partially trusted signatures then it equals full trust. You can tune
> the trust calculations with the --marginals-needed and
> --completes-needed options. By default, you need 3 marginally trusted
> signatures or 1 completely trusted signature.
!? Does gpg calculate trust several hops along the trust path?
Ciao, Gregor
--
-... --- .-. . -.. ..--.. ...-.-
More information about the Gnupg-users
mailing list