Web of trust - finding a hidden path

Georg Wilckens durandal@nfinity.de
Tue Feb 20 04:11:08 2001

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable


right now I am running into a small problem... the reason for building
a web of trust is to be able to trust a person's key even if you
didn't have a chance to verify it yourself. However for a given
person's key there might be a trust path which can't be constructed
from the keys you have on your keyring. So.... I was wondering if you
have any suggestions about how to find such a 'hidden path'. Possible
solutions might be:

1. Let the server search based on signatures - this puts a high load
   on the server and doesn't take fine grained trust into account.

2. Try to accumulate enough keys locally. Ideally a program should
   collect any fully trusted keys, which are - say - not more than two
   hops away.

The second solution seems reasonable but I didn't find an
implementation of it yet. There is a Perl-script which I tried which
simply gets all keys for all signatures on your keyring, which of
course gets very awkward since the growth is about exponential with
every iteration.

Any thoughts or pointers?

Georg Wilckens <durandal@nfinity.de>

LSD melts in your mind, not in your hand.

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org