disjunct paths
Gregor Zattler
telegraph at gmx.net
Wed Dec 7 14:41:26 CET 2005
Hi David,
* David Shaw <dshaw at jabberwocky.com> [06. Dez. 2005]:
> On Fri, Dec 02, 2005 at 01:10:01PM +0100, Gregor Zattler wrote:
> > * David Shaw <dshaw at jabberwocky.com> [30. Nov. 2005]:
> > > On Wed, Nov 30, 2005 at 08:11:44PM +0100, Gregor Zattler wrote:
> > O.k. it's not very likely that an attacker is able to surround
> > all the people which keys I signed with people deliberately
> > signing wrong keys to trick me. OTOH I can not be certain that
> > Charlie, Nate and George know what they are doing when signing a
> > key. But...
>
> Yes, exactly. 1 hop away is easy, but as you get further and further
> away, you just don't know the people any longer.
Yes, ... but ...
> > > GPG will calculate trust for 5 hops along the path, by default. You
> > > can tune this with --max-cert-depth.
> >
> > How then is gpg able to calculate trust paths with more than one
> > hop?
>
> The same way it calculates for one hop: fully valid keys with full
> trust can make other keys fully valid. It doesn't matter if they are
> one hop or 15 hops away, so long as the hop count is less than
> --max-cert-depth.
Isn't that the same issue as diskussed above? What's your
--max-cert-depth?
Ciao, Gregor
--
-... --- .-. . -.. ..--.. ...-.-
More information about the Gnupg-users
mailing list