On Sat, Nov 26, 2005 at 12:56:16AM +0100, Jaap Eldering wrote: > Hi all, > > I was wondering whether the following feature does exist within gpg > or related programs: the possibility to check a signature via a > (longer) trust path from my key to the signer's key. > > I am no expert in the use of gpg, but from what I have seen, gpg does > only download the signer's key from the keyserver and then use the > local keyring to check for a trust path. > > I have thought with some people about the concept of a server from > which trust paths can be obtained. gpg itself can then verify this > path and thus verify a trust path that is outside of one's keyring > data. Is this a useful idea?
Yes, it is. There are a few servers that do more or less what you describe (for example http://www.lysator.liu.se/~jc/wotsap/). It's useful to see the various paths, but unless you trust each step in the chain, it doesn't really help you get trust in the end point. David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
