Hi Peter, gnupg-users, * Peter Lebbing <[email protected]> [28. Apr. 2013]: > So while tools like PGP Pathfinder can find signature paths, it doesn't really > help for validity, which needs ownertrust of a direct parent of the key you > want > validated. There are no ownertrust paths.
There are no ownertrust paths but the pathfinder shows me how many disjunct paths are possible from my key to the other key. An attacker would have to introduce fake signatures in every of the disjunct paths. Since I choose the first nodes on the path because I checked their identity (papers) and signed their key, I have some means of making the attack more difficult. (All this implies that the pathfinder does not lie to me.) Ciao; Gregor _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
