Web of Trust in Practical Usage
telegraph at gmx.net
Thu May 9 18:49:04 CEST 2013
Hi Peter, gnupg-users,
* Peter Lebbing <peter at digitalbrains.com> [28. Apr. 2013]:
> So while tools like PGP Pathfinder can find signature paths, it doesn't really
> help for validity, which needs ownertrust of a direct parent of the key you want
> validated. There are no ownertrust paths.
There are no ownertrust paths but the pathfinder shows me how
many disjunct paths are possible from my key to the other key.
An attacker would have to introduce fake signatures in every of
the disjunct paths.
Since I choose the first nodes on the path because I checked
their identity (papers) and signed their key, I have some means
of making the attack more difficult.
(All this implies that the pathfinder does not lie to me.)
More information about the Gnupg-users