disjunct paths
David Shaw
dshaw at jabberwocky.com
Wed Dec 7 15:07:26 CET 2005
On Wed, Dec 07, 2005 at 02:41:26PM +0100, Gregor Zattler wrote:
> Hi David,
> * David Shaw <dshaw at jabberwocky.com> [06. Dez. 2005]:
> > On Fri, Dec 02, 2005 at 01:10:01PM +0100, Gregor Zattler wrote:
> > > * David Shaw <dshaw at jabberwocky.com> [30. Nov. 2005]:
> > > > On Wed, Nov 30, 2005 at 08:11:44PM +0100, Gregor Zattler wrote:
> > > O.k. it's not very likely that an attacker is able to surround
> > > all the people which keys I signed with people deliberately
> > > signing wrong keys to trick me. OTOH I can not be certain that
> > > Charlie, Nate and George know what they are doing when signing a
> > > key. But...
> >
> > Yes, exactly. 1 hop away is easy, but as you get further and further
> > away, you just don't know the people any longer.
>
> Yes, ... but ...
>
> > > > GPG will calculate trust for 5 hops along the path, by default. You
> > > > can tune this with --max-cert-depth.
> > >
> > > How then is gpg able to calculate trust paths with more than one
> > > hop?
> >
> > The same way it calculates for one hop: fully valid keys with full
> > trust can make other keys fully valid. It doesn't matter if they are
> > one hop or 15 hops away, so long as the hop count is less than
> > --max-cert-depth.
>
> Isn't that the same issue as diskussed above? What's your
> --max-cert-depth?
I leave it at the default unless I'm testing something (so it is 5).
I agree it is the same issue as above, yes. 5 seems like a more or
less sane default - big enough to be useful, small enough to not be
(too) dangerous. Different people have a different comfort level, of
course, which is why the value is changeable. In any event, the cert
depth doesn't really change the actual calculations in most cases -
most people don't have chains of people they know that are that long.
David
More information about the Gnupg-users
mailing list