How to find and verify a trust path?
Hauke Laging
mailinglisten at hauke-laging.de
Mon Sep 16 00:37:33 CEST 2013
Am So 15.09.2013, 21:11:04 schrieb Philip Jägenstedt:
> In very concrete terms, how can I determine which keys I need to
> import so that the GnuPG dist sig (4F25E3B6) has full validity?
> in order to find
> the shortest paths and then manually import the keys to verify that it
> is in fact true...
The question does not make much sense IMHO because this is not only about
importing keys but also about assigning certification trust to the keys along
the path.
In order to seriously assign certification trust to a key you have to know the
key owner, the certification policy (for that key) and the security level of
the mainkey. Why should you not already have imported a key if you have all
these pieces of information available? Sounds to me like you are willing to
assign certification trust to unknown keys just because you have to in order
to advance in the signature path.
Hauke
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/bekannte/
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20130916/a7662fcd/attachment.sig>
More information about the Gnupg-users
mailing list