How to find and verify a trust path?

Hauke Laging mailinglisten at
Mon Sep 16 00:37:33 CEST 2013

Am So 15.09.2013, 21:11:04 schrieb Philip Jägenstedt:

> In very concrete terms, how can I determine which keys I need to
> import so that the GnuPG dist sig (4F25E3B6) has full validity?

> in order to find
> the shortest paths and then manually import the keys to verify that it
> is in fact true...

The question does not make much sense IMHO because this is not only about 
importing keys but also about assigning certification trust to the keys along 
the path.

In order to seriously assign certification trust to a key you have to know the 
key owner, the certification policy (for that key) and the security level of 
the mainkey. Why should you not already have imported a key if you have all 
these pieces of information available? Sounds to me like you are willing to 
assign certification trust to unknown keys just because you have to in order 
to advance in the signature path.

Crypto für alle:
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20130916/a7662fcd/attachment.sig>

More information about the Gnupg-users mailing list