Third party information

Huels, Ralf SCORE Ralf.Huels@schufa.de
Fri Dec 13 08:33:02 2002


Bob Matthews wrote:
> > three UIDs and on the other hand the public key I have has about
> > 90 signatures
<...>
> no-brainer. Getting 90 signatures is easy if you can invent 
> 90 bogus keys to sign with.

Of the 90 keys, 85 are traceable to the largest strongly connected
set. Some go up to single-digit ranks in the Dtype statistics.
Which of course still allows for the possibility that Drew Streib 
and Jason Harris impersonated the entire web of trust just to get
me to sign that one guy's key. 
Excuse me while I don my tin foil hat.

> > one [signature] from a trusted introducer
> 
> This is where you hope the trusted introducer can be trusted 
> not to sign keys without verifying the fingerprint.

Now that, of course, is the point that was (not quite) eluding 
me. If too many people go for 99% instead of 100% "just this once", 
the entire system may fail at some point.

As 0x2E22CC9F said after a similar occurrence during another key
signing event: "If I don't do this right, I might as well not do
it at all."

Tschuess,
Ralf