disjunct paths

David Shaw dshaw at jabberwocky.com
Wed Dec 7 05:22:17 CET 2005


On Fri, Dec 02, 2005 at 01:10:01PM +0100, Gregor Zattler wrote:
> Hi David,
> * David Shaw <dshaw at jabberwocky.com> [30. Nov. 2005]:
> > On Wed, Nov 30, 2005 at 08:11:44PM +0100, Gregor Zattler wrote:
> > > * David Shaw <dshaw at jabberwocky.com> [30. Nov. 2005]:
> > > > On Wed, Nov 30, 2005 at 04:29:21PM +0100, Gregor Zattler wrote:
> > > > > * David Shaw <dshaw at jabberwocky.com> [28. Nov. 2005]:
> > > > > > On Sat, Nov 26, 2005 at 12:56:16AM +0100, Jaap Eldering wrote:
> > > > > > Yes, it is.  There are a few servers that do more or less what you
> > > > > > describe (for example http://www.lysator.liu.se/~jc/wotsap/).  It's
> > > > > > useful to see the various paths, but unless you trust each step in the
> > > > > > chain, it doesn't really help you get trust in the end point.
> > > > > 
> > > > > Doesn't it help if there are several disjunct paths?  Couldn't I
> > > > > say I trust a User-Id if more than n disjunct paths of trust
> > > > > exist from my key to the other?
> > > > 
> > > > Yes, if you trust those disjunct paths :) A hundred disjunct paths
> > > > that you don't trust don't help much.
> > > 
> > > Why not?  The disjunct paths from my key to the target key
> > > all start with keys signed by me.  So all owners of this said
> > > keys must be part of a conspiracy.  If I met the different key
> > > owners in different contexts this isn't very likely to happen.
> > 
> > Unless you're talking about paths with only one hop, it doesn't work.
> > The paths *start* with keys signed by you.  After that, you have no
> > assurance.
> > 
> > Given these paths:
> > 
> > Gregor  ->  Alice  ->  Baker  ->  Charlie  ->  David
> > Gregor  ->  Lorina ->  Mark   ->  Nate     ->  David
> > Gregor  ->  Edith  ->  Frank  ->  George   ->  David
> > 
> > You know (because you signed them), that Alice, Lorina, and Edith are
> > valid.  Let's say that you also fully trust them to make good
> > signatures, so that makes Baker, Mark, and Frank fully valid as well.
> > However, not knowing how well Baker, Mark, or Frank issue signatures
> > stops you from making Charlie, Nate or George valid, which stops you
> > in turn from making my key valid.
> 
> O.k. it's not very likely that an attacker is able to surround
> all the people whose keys I signed with people deliberately
> signing wrong keys to trick me.  OTOH I can not be certain that
> Charlie, Nate and George know what they are doing when signing a
> key.  But...

Yes, exactly.  1 hop away is easy, but as you get further and further
away, you just don't know the people any longer.

> > > !? Does gpg calculate trust several hops along the trust path? 
> > 
> > GPG will calculate trust for 5 hops along the path, by default.  You
> > can tune this with --max-cert-depth.
> 
> How then is gpg able to calculate trust paths with more than one
> hop? 

The same way it calculates for one hop: fully valid keys with full
trust can make other keys fully valid.  It doesn't matter if they are
one hop or 15 hops away, so long as the hop count is less than
--max-cert-depth.

David
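
The rule discussed in this message (fully valid keys with full trust make the keys they sign valid, up to a depth limit), applied to the three paths from the thread. This is an added example, not part of the original mail and not GnuPG's code: a simplified model that assumes the thresholds of GnuPG's --completes-needed (1) and --marginals-needed (3) defaults, and treats --max-cert-depth as a limit on hops from your own key.

```python
from collections import Counter

FULL, MARGINAL = "full", "marginal"

# Constructed sample data: signer -> keys it signed (the paths from the mail).
SIGS = {
    "Gregor": ["Alice", "Lorina", "Edith"],
    "Alice": ["Baker"], "Baker": ["Charlie"], "Charlie": ["David"],
    "Lorina": ["Mark"], "Mark": ["Nate"], "Nate": ["David"],
    "Edith": ["Frank"], "Frank": ["George"], "George": ["David"],
}

def valid_keys(me, sigs, ownertrust, max_depth=5, completes=1, marginals=3):
    """Return {key: hops from `me`} for every key that becomes valid.

    ownertrust maps a key owner to FULL or MARGINAL; owners not listed are
    unknown, so their signatures count for nothing even if their key is valid.
    """
    trust = dict(ownertrust)
    trust[me] = FULL                      # own key: ultimately trusted
    depth = {me: 0}
    for level in range(1, max_depth + 1):  # assumed depth cutoff (simplified)
        full, marg = Counter(), Counter()
        for signer in depth:              # only valid keys can vouch
            for target in sigs.get(signer, []):
                if trust.get(signer) == FULL:
                    full[target] += 1
                elif trust.get(signer) == MARGINAL:
                    marg[target] += 1
        new = {k for k in set(full) | set(marg) if k not in depth
               and (full[k] >= completes or marg[k] >= marginals)}
        if not new:
            break
        depth.update({k: level for k in new})
    return depth

if __name__ == "__main__":
    first_hop = {"Alice": FULL, "Lorina": FULL, "Edith": FULL}
    print(valid_keys("Gregor", SIGS, first_hop))   # stops at Baker/Mark/Frank
```
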


