Web of trust - finding a hidden path
Georg Wilckens
durandal@nfinity.de
Tue Feb 20 04:11:08 2001
--tKW2IUtsqtDRztdT
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hello.
right now I am running into a small problem... the reason for building
a web of trust is to be able to trust a person's key even if you
didn't have a chance to verify it yourself. However for a given
person's key there might be a trust path which can't be constructed
from the keys you have on your keyring. So.... I was wondering if you
have any suggestions about how to find such a 'hidden path'. Possible
solutions might be:
1. Let the server search based on signatures - this puts a high load
on the server and doesn't take fine grained trust into account.
2. Try to accumulate enough keys locally. Ideally a program should
collect any fully trusted keys, which are - say - not more than two
hops away.
The second solution seems reasonable but I didn't find an
implementation of it yet. There is a Perl-script which I tried which
simply gets all keys for all signatures on your keyring, which of
course gets very awkward since the growth is about exponential with
every iteration.
Any thoughts or pointers?
Regards,
Georg
--=20
Georg Wilckens <durandal@nfinity.de>
LSD melts in your mind, not in your hand.
--tKW2IUtsqtDRztdT
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6kaJiMhml2MWI6O0RAqrqAKClm22BfhSAEjydWi7/LgnMWIBfJwCdGask
sKTw9dVgzSgTGTm2US9zx3w=
=8RcU
-----END PGP SIGNATURE-----
--tKW2IUtsqtDRztdT--