How to find and verify a trust path?

[Philip Jägenstedt]

On Tue, Sep 17, 2013 at 4:17 PM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> On 09/17/2013 09:56 AM, Philip Jägenstedt wrote:
>
>> Going with the GnuPG built-on model, it seems like I can get the "n
>> people would need to be deceived" effect by (in a temporary keyring)
>> assigning marginal trust to all keys in the world and
>> --marginals-needed n, without requiring the paths to be independent.
>> Does that sound right?
>
> No, it doesn't sound right because one key ≠ one person.  It is possible
> for one person to hold many keys.
>
> If I hold n keys, and i certify with all of them, and you grant all my
> keys marginal ownertrust, then all it takes is 1 person to be deceived
> (me) and you will be misled.

That's a good point. So, if you have a tool to find signature paths,
it could also show a sorted list of the keys which you are trusting to
some non-zero degree. If similar/identical names show up, you
investigate.

> I won't even go into here the difference between "n people would need to
> be deceived" and "n people would need to be (convinced to be)
> malicious", but it's worth considering what your actual threat model is.
>
> Trust is not a mechanical or universal process.  Different people have
> different perspectives, different information, different allies, and
> different adversaries.  Any system which claims that there is a
> universal trust perspective would need some *very* convincing (and
> highly surprising) arguments to seem plausible.

That's fine, I'm just trying to figure out what others do to convince
themselves that (e.g.) the GnuPG dist sig key is trustworthy-ish and
if there are any tools to help with the boring bits.

-- 
Philip Jägenstedt