How to find and verify a trust path?
kloecker at kde.org
Mon Sep 16 23:27:36 CEST 2013
On Monday 16 September 2013 23:00:22 Peter Lebbing wrote:
> On 16/09/13 22:37, Philip Jägenstedt wrote:
> > Too bad. I guess one could do it by starting at the destination and
> > following signatures back using a shortest path algorithm and a lot
> > of requests to the keyserver, though.
> Dijkstra's shortest path algorithm would amount to a breadth first
> search. Keyserver operators might not like that, I dunno.
> > How would an attacker create n independent paths without deceiving n
> > people?
> Errrrr..... by creating n keys and uploading them to the keyserver?
I thought the same, but that won't work. The independent paths need to
be completely disjoint (except for start and end point) _and_ they all
need to start with Philip's key. The attacker would have to trick Philip
into signing all n keys. Or he would have to trick n people whose keys
Philip has signed (directly or indirectly) into signing his n keys.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 198 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users