On 09/17/2013 09:56 AM, Philip Jägenstedt wrote:
> Going with the GnuPG built-on model, it seems like I can get the "n
> people would need to be deceived" effect by (in a temporary keyring)
> assigning marginal trust to all keys in the world and
> --marginals-needed n, without requiring the paths to be independent.
> Does that sound right?

No, it doesn't sound right because one key ≠ one person. It is possible for one person to hold many keys. If I hold n keys, and I certify with all of them, and you grant all my keys marginal ownertrust, then all it takes is 1 person to be deceived (me) and you will be misled.

I won't even go into here the difference between "n people would need to be deceived" and "n people would need to be (convinced to be) malicious", but it's worth considering what your actual threat model is.

Trust is not a mechanical or universal process. Different people have different perspectives, different information, different allies, and different adversaries. Any system which claims that there is a universal trust perspective would need some *very* convincing (and highly surprising) arguments to seem plausible.

Regards,

--dkg
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
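
The distinction drawn in the reply above, as an added example that is not part of the original message and is not GnuPG's code: a simplified model where every key has marginal ownertrust and a key becomes valid once `marginals_needed` valid keys have certified it. The key names, holder names and the `holder_of` mapping are constructed assumptions; a keyring carries no record of who actually controls a key.

```python
from collections import Counter

def valid_keys(certs, anchors, marginals_needed):
    """Fixed point of 'valid once >= marginals_needed valid keys certify it'.
    certs maps a key to the set of keys that certified it; anchors are keys
    the keyring owner already considers valid (simplified model)."""
    valid = set(anchors)
    changed = True
    while changed:
        changed = False
        for key, signers in certs.items():
            if key not in valid and len(signers & valid) >= marginals_needed:
                valid.add(key)
                changed = True
    return valid

def people_behind(key, certs, valid, holder_of):
    """Distinct people whose valid keys certified `key`."""
    return {holder_of[s] for s in certs.get(key, set()) & valid}

def min_people_for_threshold(keys, holder_of, marginals_needed):
    """Fewest distinct people whose keys alone can reach the threshold,
    or None if all keys together cannot reach it."""
    per_person = sorted(Counter(holder_of[k] for k in keys).values(), reverse=True)
    total = 0
    for people, count in enumerate(per_person, start=1):
        total += count
        if total >= marginals_needed:
            return people
    return None

# Constructed sample data: alice holds three keys, bob and carol one each.
HOLDER_OF = {"A1": "alice", "A2": "alice", "A3": "alice",
             "B1": "bob", "C1": "carol", "T": "ted", "U": "uma", "V": "vic"}
ANCHORS = {"A1", "A2", "A3", "B1", "C1"}
CERTS = {
    "T": {"A1", "A2", "A3"},   # three certifications, one person
    "U": {"A1", "B1", "C1"},   # three certifications, three people
    "V": {"T", "U", "B1"},     # valid only through T and U
}

if __name__ == "__main__":
    valid = valid_keys(CERTS, ANCHORS, marginals_needed=3)
    for key in ("T", "U", "V"):
        who = sorted(people_behind(key, CERTS, valid, HOLDER_OF))
        print(key, "valid:", key in valid, "people behind it:", who)
    print("people needed for n=3:", min_people_for_threshold(ANCHORS, HOLDER_OF, 3))
```

Both `T` and `U` pass the same threshold of three, yet `T` rests on a single person, which is why the threshold counts keys and not people.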