How to find and verify a trust path?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Sep 17 16:17:11 CEST 2013
On 09/17/2013 09:56 AM, Philip Jägenstedt wrote:
> Going with the GnuPG built-on model, it seems like I can get the "n
> people would need to be deceived" effect by (in a temporary keyring)
> assigning marginal trust to all keys in the world and
> --marginals-needed n, without requiring the paths to be independent.
> Does that sound right?
No, it doesn't sound right because one key ≠ one person. It is possible
for one person to hold many keys.
If I hold n keys, and i certify with all of them, and you grant all my
keys marginal ownertrust, then all it takes is 1 person to be deceived
(me) and you will be misled.
I won't even go into here the difference between "n people would need to
be deceived" and "n people would need to be (convinced to be)
malicious", but it's worth considering what your actual threat model is.
Trust is not a mechanical or universal process. Different people have
different perspectives, different information, different allies, and
different adversaries. Any system which claims that there is a
universal trust perspective would need some *very* convincing (and
highly surprising) arguments to seem plausible.
Regards,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130917/bb3c6315/attachment.sig>
More information about the Gnupg-users
mailing list