How to find and verify a trust path?
Ingo Klöcker
kloecker at kde.org
Mon Sep 16 23:27:36 CEST 2013
On Monday 16 September 2013 23:00:22 Peter Lebbing wrote:
> On 16/09/13 22:37, Philip Jägenstedt wrote:
> > Too bad. I guess one could do it by starting at the destination and
> > following signatures back using a shortest path algorithm and a lot
> > of requests to the keyserver, though.
>
> Dijkstra's shortest path algorithm would amount to a breadth first
> search. Keyserver operators might not like that, I dunno.
>
> > How would an attacker create n independent paths without deceiving n
> > people?
>
> Errrrr..... by creating n keys and uploading them to the keyserver?
I thought the same, but that won't work. The independent paths need to
be completely disjoint (except for start and end point) _and_ they all
need to start with Philip's key. The attacker would have to trick Philip
into signing all n keys. Or he would have to trick n people whose keys
Philip has signed (directly or indirectly) into signing his n keys.
Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20130916/029935e5/attachment.sig>
More information about the Gnupg-users
mailing list