On 16/09/13 17:45, Philip Jägenstedt wrote:
> However, it's not possible to proceed deeper than 1 step without assigning
> at least marginal trust in people I haven't met.

If you actually don't know these people, I'd say it would be unwise to assign them trust. Why trust a stranger? However, it is not out of the question to trust a person you haven't met, which is different from being aware who someone is.

> Since --update-trustdb *does* ask me for ownertrust of the dist sig key in
> this scenario, I'm guessing that at least some people are willing to do that

Well, I'm not going by what some people are willing to do, but the idea is that you only assign trust for people you trust. Since you probably trust some people whose keys you haven't signed, it makes sense to ask the trust question for keys you haven't signed.

Through signatures from trusted people, you can ascertain that a key belongs to a person; you don't need to sign it yourself for that. However, for that person to make other keys valid, you need to trust their judgement. The trust question is exactly that: do you trust that this person only signs keys he or she has properly verified?

> I'm guessing key servers simply can't be queried for this information.

I'm pretty sure they can't be directly queried for this information.

> If there are no good tools, what have others done to verify that they have a
> path to 4F25E3B6?

Most of them probably did nothing, since it's useless other than for statistical fun. There is nothing to be gained from knowing one or more paths. Any "attacker" doesn't need to do much effort to create so many paths to that key it dwarfs any other key by comparison. Is the validity of that key then somehow increased, because it has so many paths?

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
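The distinction discussed in this message, between a key being valid and its owner being trusted to certify other keys, can be illustrated with a simplified model of the classic web-of-trust calculation. This is an added example, not part of the original message and not GnuPG's code; the key names (`me`, `alice`, `bob`, `carol`, `dist`, `unknownN`) and the sample data are constructed, and the thresholds assume GnuPG's defaults of 1 full or 3 marginal signatures and a depth of 5.

```python
# Simplified model of the classic web-of-trust calculation; not GnuPG's code.
# Thresholds mirror GnuPG's defaults: --completes-needed 1,
# --marginals-needed 3, --max-cert-depth 5.
FULL, MARGINAL = "full", "marginal"

def valid_keys(own_key, signatures, ownertrust,
               completes_needed=1, marginals_needed=3, max_depth=5):
    """Return the set of keys whose ownership is considered verified.

    signatures: signer -> set of keys that signer has certified
    ownertrust: key -> FULL or MARGINAL (absent: no trust assigned)
    """
    trust = dict(ownertrust)
    trust[own_key] = FULL              # your own key anchors everything
    valid = {own_key}
    for _ in range(max_depth):
        tally = {}                     # key -> [full sigs, marginal sigs]
        for signer in valid:           # only signatures from valid keys count
            level = trust.get(signer)
            if level is None:          # valid but untrusted: a dead end
                continue
            idx = 1 if level == MARGINAL else 0
            for target in signatures.get(signer, ()):
                tally.setdefault(target, [0, 0])[idx] += 1
        newly = {k for k, (full, marg) in tally.items()
                 if k not in valid
                 and (full >= completes_needed or marg >= marginals_needed)}
        if not newly:
            break
        valid |= newly
    return valid

# Constructed sample: "me" signed three people, each of whom signed "dist".
SIGS = {"me": {"alice", "bob", "carol"},
        "alice": {"dist"}, "bob": {"dist"}, "carol": {"dist"}}
# Constructed sample: 100 unknown keys that also certify "dist".
CROWD = {f"unknown{i}": {"dist"} for i in range(100)}

if __name__ == "__main__":
    print(sorted(valid_keys("me", SIGS, {})))               # dist not valid
    print(sorted(valid_keys("me", SIGS, {"alice": FULL})))  # dist valid
    print(sorted(valid_keys("me", {**SIGS, **CROWD}, {})))  # dist not valid
```

In this model the 100 extra signatures change nothing, because signatures are only counted when they come from keys that are themselves valid and have been assigned ownertrust.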