On Tuesday 17 September 2013 11:38:55 Peter Lebbing wrote: > On 17/09/13 11:07, Peter Lebbing wrote: > > > The independent paths need to be completely disjoint (except for > > > start and end point) _and_ they all need to start with Philip's > > > key. > > > > AFAIK, there is no such requirement in the Web of Trust. I've never > > heard of it. > > Euh... apart from the part where you said they need to start with > Philip's key. I didn't trim the quote far enough :). I meant there is > no requirement that the paths are independent.
True. There's no such requirement in the Web of Trust. But Philip's question > > > > > How would an attacker create n independent paths without > > > > > deceiving n people? (which you snipped away in your reply) specifically requires the path to be independent. And that the n independent paths have to connect Philip's key and the key Philip wants to verify is an implicit requirement. Of course, the attacker could create n keys all with his correct name. Then nobody would have to be deceived because there's nothing wrong about those keys. But IMHO that's not a convincing answer because I wouldn't trust n paths all involving keys from the same person more than 1 path involving a key of that person. Of course, if somebody blindly trusts gpg to do the right thing then he probably deserves to be deceived. Regards, Ingo
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
