Hi David, * David Shaw <[EMAIL PROTECTED]> [30. Nov. 2005]: > On Wed, Nov 30, 2005 at 04:29:21PM +0100, Gregor Zattler wrote: > > Hi David, > > * David Shaw <[EMAIL PROTECTED]> [28. Nov. 2005]: > > > On Sat, Nov 26, 2005 at 12:56:16AM +0100, Jaap Eldering wrote: > > > Yes, it is. There are a few servers that do more or less what you > > > describe (for example http://www.lysator.liu.se/~jc/wotsap/). It's > > > useful to see the various paths, but unless you trust each step in the > > > chain, it doesn't really help you get trust in the end point. > > > > Doesn't it help if there are several disjunct paths? Couldn't I > > say I trust a User-Id if more than n discunct paths of trust > > exist from my key to the other? > > Yes, if you trust those disjunct paths :) A hundred disjunct paths > that you don't trust don't help much.
Why not? The disjunct paths from my key to the target key all start with keys signed by me. So all owners of this said keys must be part of an conspiracy. If I met the different key owners in different contextes this isn't very likely to happen. > There is a notion of partial trust, where if you gather enough > partially trusted signatures then it equals full trust. You can tune > the trust calculations with the --marginals-needed and > --completes-needed options. By default, you need 3 marginally trusted > signatures or 1 completely trusted signature. !? Does gpg calculate trust several hops along the trust path? Ciao, Gregor -- -... --- .-. . -.. ..--.. ...-.- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
