trust problem

Adrian 'Dagurashibanipal' von Bidder avbidder at fortytwo.ch
Fri Dec 19 14:53:37 CET 2003


On Friday 19 December 2003 13:59, cecilia hana wrote:

> 2. the path of signed keys leading from K back to your
> own key is five steps or shorter.
>
>
>
> peter------->blake------->elena------->chloe----
>                          --->alex------->simon------->K
>
>
> above figure shows that peter signed blake and blake
> signed elena then on and on,
> if peter just fully trusts simon, i think K's key is
> valid, however K is beyond the range of five steps,
> can anyone tell me why and i want more clearly
> nderstanding
> about the second condition, thanks.

First, the most important thing you need to understand: this limit of 5 steps 
is completely arbitrary. Personally, I think 5 steps with 5 random people is 
too much. On the otherhand, I'd be inclined to trust a much longer chain when 
it consists of people like Werner Koch, David Shaw, or perhaps some 
well-known Debian developers who - to me - have a very good reputation.

But to be sure that simon's key is really his, you (as peter) need to have 
extremely high trust in blake, elena, chloe *and* alex - and, since you 
haven't directly signed elena, chloe and alex' keys, it is very probable that 
you don't even know them (if you knew them, you could give them a phone call 
to identify them and exchange fingerprints over this trusted channel - so 
your problem of the 5 steps limit wouldn't exist in the first place).

So while you may know and trust simon (whos key you just not have come around 
to sign) to correctly verify the key of K, how can you be sure that you 
really have simon's key?

cheers
-- vbi


-- 
You will pay for your sins!
If you have already paid, please register with the front desk.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 331 bytes
Desc: signature
Url : /pipermail/attachments/20031219/c585ceaf/attachment.bin


More information about the Gnupg-users mailing list