How to find and verify a trust path?

NdK ndk.clanbo at
Wed Sep 18 22:00:35 CEST 2013

Il 17/09/2013 22:01, Philip Jägenstedt ha scritto:

> That's fine, I'm just trying to figure out what others do to convince
> themselves that (e.g.) the GnuPG dist sig key is trustworthy-ish and
> if there are any tools to help with the boring bits.
I think "stability" is what most newbies (and probably experienced users
too) use.

If the same "identity" keeps using the same key while relating with
different users, it's "trustworthy". So if I have CDs from some years
ago and OpenPGP is signed with the same key used today, I can be "sure
enough" it's not been tampered with and the new file is trustworthy.

And often it's more important stability over "impossible" verifications
of "real life identity".


More information about the Gnupg-users mailing list