disjunct paths (was: Re: trust path lookup on server)

David Shaw dshaw at jabberwocky.com
Wed Nov 30 19:42:17 CET 2005


On Wed, Nov 30, 2005 at 04:29:21PM +0100, Gregor Zattler wrote:
> Hi David,
> * David Shaw <dshaw at jabberwocky.com> [28. Nov. 2005]:
> > On Sat, Nov 26, 2005 at 12:56:16AM +0100, Jaap Eldering wrote:
> > Yes, it is.  There are a few servers that do more or less what you
> > describe (for example http://www.lysator.liu.se/~jc/wotsap/).  It's
> > useful to see the various paths, but unless you trust each step in the
> > chain, it doesn't really help you get trust in the end point.
> 
> Doesn't it help if there are several disjunct paths?  Couldn't I
> say I trust a User-Id if more than n disjunct paths of trust
> exist from my key to the other?

Yes, if you trust those disjunct paths :) A hundred disjunct paths
that you don't trust don't help much.

There is a notion of partial trust, where if you gather enough
partially trusted signatures then it equals full trust.  You can tune
the trust calculations with the --marginals-needed and
--completes-needed options.  By default, you need 3 marginally trusted
signatures or 1 completely trusted signature.

David
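
The rule described in the reply above, as an added example that is not part of the original message and is not GnuPG's code: a simplified model in which a key becomes valid once enough already-valid, trusted keys have signed it. The key names, the graph and the owner-trust assignments are constructed, and `valid_keys` and `disjoint_paths` are hypothetical helpers.

```python
# Simplified model of the validity rule from the message (not GnuPG's code).
ULTIMATE, FULL, MARGINAL, NONE = "ultimate", "full", "marginal", "none"

def valid_keys(my_key, signatures, ownertrust,
               marginals_needed=3, completes_needed=1):
    """Return the set of keys considered valid, starting from my_key.

    signatures: dict signer -> set of keys that signer has certified
    ownertrust: dict key -> FULL / MARGINAL / NONE, i.e. how far *you*
                trust that key's owner to certify others (missing = NONE)
    """
    trust = dict(ownertrust)
    trust[my_key] = ULTIMATE              # your own key needs no introducer
    valid = {my_key}
    while True:
        candidates = set().union(*signatures.values()) - valid
        newly = set()
        for key in candidates:
            # Only signatures made by keys that are themselves valid count.
            signers = [s for s in valid if key in signatures.get(s, ())]
            levels = [trust.get(s, NONE) for s in signers]
            if (ULTIMATE in levels
                    or levels.count(FULL) >= completes_needed
                    or levels.count(MARGINAL) >= marginals_needed):
                newly.add(key)
        if not newly:                     # fixpoint: nothing more to add
            return valid
        valid |= newly

def disjoint_paths(n):
    """Constructed graph: n disjoint paths me -> hop_i -> target."""
    sigs = {"me": {f"hop{i}" for i in range(n)}}
    for i in range(n):
        sigs[f"hop{i}"] = {"target"}
    return sigs

if __name__ == "__main__":
    graph = disjoint_paths(100)
    # A hundred disjoint paths through introducers you do not trust.
    print("untrusted hops:", "target" in valid_keys("me", graph, {}))
    # Three of those hops marginally trusted: meets the default threshold.
    three = {f"hop{i}": MARGINAL for i in range(3)}
    print("3 marginal hops:", "target" in valid_keys("me", graph, three))
    # Two marginal hops only count if the threshold is lowered to 2.
    two = {"hop0": MARGINAL, "hop1": MARGINAL}
    print("2 marginal hops:", "target" in valid_keys("me", graph, two))
    print("2 marginal, needed=2:",
          "target" in valid_keys("me", graph, two, marginals_needed=2))
```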


