disjunct paths

Gregor Zattler telegraph at gmx.net
Fri Dec 2 13:10:01 CET 2005


Hi David,
* David Shaw <dshaw at jabberwocky.com> [30. Nov. 2005]:
> On Wed, Nov 30, 2005 at 08:11:44PM +0100, Gregor Zattler wrote:
> > * David Shaw <dshaw at jabberwocky.com> [30. Nov. 2005]:
> > > On Wed, Nov 30, 2005 at 04:29:21PM +0100, Gregor Zattler wrote:
> > > > * David Shaw <dshaw at jabberwocky.com> [28. Nov. 2005]:
> > > > > On Sat, Nov 26, 2005 at 12:56:16AM +0100, Jaap Eldering wrote:
> > > > > Yes, it is.  There are a few servers that do more or less what you
> > > > > describe (for example http://www.lysator.liu.se/~jc/wotsap/).  It's
> > > > > useful to see the various paths, but unless you trust each step in the
> > > > > chain, it doesn't really help you get trust in the end point.
> > > > 
> > > > Doesn't it help if there are several disjunct paths?  Couldn't I
> > > > say I trust a User-Id if more than n discunct paths of trust
> > > > exist from my key to the other?
> > > 
> > > Yes, if you trust those disjunct paths :) A hundred disjunct paths
> > > that you don't trust don't help much.
> > 
> > Why not?  The disjunct paths from my key to the target key
> > all start with keys signed by me.  So all owners of this said
> > keys must be part of an conspiracy.  If I met the different key
> > owners in different contextes this isn't very likely to happen.
> 
> Unless you're talking about paths with only one hop, it doesn't work.
> The paths *start* with keys signed by you.  After that, you have no
> assurance.
> 
> Given these paths:
> 
> Gregor  ->  Alice  ->  Baker  ->  Charlie  ->  David
> Gregor  ->  Lorina ->  Mark   ->  Nate     ->  David
> Gregor  ->  Edith  ->  Frank  ->  George   ->  David
> 
> You know (because you signed them), that Alice, Lorina, and Edith are
> valid.  Lets say that you also fully trust them to make good
> signatures, so that makes Baker, Mark, and Frank fully valid as well.
> However, not knowing how well Baker, Mark, or Frank issue signatures
> stops you from making Charlie, Nate or George valid, which stops you
> in turn from making my key valid.

O.k. it's not very likely that an attacker is able to surround
all the people which keys I signed with people deliberately
signing wrong keys to trick me.  OTOH I can not be certain that
Charlie, Nate and George know what they are doing when signing a
key.  But...
 
[...]
> > !? Does gpg calculate trust several hops along the trust path? 
> 
> GPG will calculate trust for 5 hops along the path, by default.  You
> can tune this with --max-cert-depth.

How then is gpg able to calculate trust paths with more than one
hop? 


Ciao, Gregor
-- 
 -... --- .-. . -.. ..--.. ...-.-



More information about the Gnupg-users mailing list