
Re: Key search

1997-07-23 12:47:37
Ben Cox wrote:

> (Is this list "open for business" yet?)
>
> Hello all,
>
> I am interested in a key search mechanism by which I can ask a
> key server for a chain of keys which leads between a desired key
> and a key that I trust.
>
> For example, if I trust A's key, and I am interested in finding
> a chain by which I can trust D, I can ask the key server for the
> chain and it will return B and C (where A has signed B's key, B
> has signed C's key, and C has signed D's).
>
> I actually have code that will do this for a PGP 2.6 key ring,
> and am willing to contribute it to whomever is interested in it.
>
> Basically it builds a directed graph whose vertices are the keys
> and whose edges point from a key to all keys that have signed it.
> It then does a breadth-first search of the graph, starting at the
> requested key, stopping when it finds one of the keys listed as
> "trusted".  When it finds a trusted key, it returns all the keys
> on the path from the starting vertex to the ending vertex.
>
> Is anyone interested in seeing this code?

Hi,

I don't know why this should be useful. In real life this won't help
you because if you trust A's key and want to find a path to D then
the only way would be "A has signed D". In all other cases you have
to trust the keys on the path (in your example B and C) to act as an
introducer.

So the real life situation is most probably more like "get the key from
D, add it to your keyring to check if you can verify with your existing
keys/trust definitions". If you can't, then you have lost because the helper
keys B and C are most probably from people you've never met in person
before and therefore can't judge on their key management to use them
as an introducer. On the other hand (if you're able to make that
judgement) then you've met already and the other key is already inside your
keyring to be sure that your trust judgement is really valid for that
person and not just for a key with the name of the person you met before.

I think most "path finder" ideas do have several drawbacks:
+ They only work on key signatures, not on the trust levels
+ The programs I've seen are working on key->key->...->key paths and not
  on the needed key->key->...->key/userid paths (a signature is always
  valid for a key/userid combination, not for the key only)

By the way: a nice PathServer is available from AT&T - see
  http://www.research.att.com/~reiter/PathServer/

Bye,
  Wolfgang Ley (DFN-CERT)
-- 
Wolfgang Ley, DFN-CERT, Vogt-Koelln-Str. 30, 22527 Hamburg,    Germany
Email: ley(_at_)cert(_dot_)dfn(_dot_)de   Phone: +49 40 5494-2262 Fax: +49 40 5494-2241
PGP-Key available via finger ley(_at_)ftp(_dot_)cert(_dot_)dfn(_dot_)de any key-server or via
WWW from http://www.cert.dfn.de/~ley/               ...have a nice day


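Ben Cox's breadth-first path finder, extended with the two points Wolfgang raises (each introducer's owner trust is checked, and a signature binds a key/user-id pair rather than a bare key). This is an added example, not code from either poster or from PGP; the keyring, key ids, user ids and trust levels are constructed for illustration.

```python
from collections import deque

# Constructed sample keyring (fictional key ids and user ids): each key lists
# its user ids, the signatures on it as (signer key, signed user id) pairs,
# and the owner trust you assigned to the holder as an introducer.
KEYRING = {
    "A": {"uids": ["Alice <alice@example.org>"], "sigs": [], "trust": "ultimate"},
    "B": {"uids": ["Bob <bob@example.org>"],
          "sigs": [("A", "Bob <bob@example.org>")], "trust": "full"},
    "C": {"uids": ["Carol <carol@example.org>", "Carol <c@corp.example>"],
          "sigs": [("B", "Carol <carol@example.org>")], "trust": "full"},
    "D": {"uids": ["Dave <dave@example.org>"],
          "sigs": [("C", "Dave <dave@example.org>")], "trust": "unknown"},
    # Carol certified only Eve's old address, not her current one.
    "E": {"uids": ["Eve <eve@example.org>", "Eve <eve@old.example>"],
          "sigs": [("C", "Eve <eve@old.example>")], "trust": "unknown"},
    # Frank is certified only by Dave, whom you never rated as an introducer.
    "F": {"uids": ["Frank <frank@example.org>"],
          "sigs": [("D", "Frank <frank@example.org>")], "trust": "unknown"},
}
INTRODUCER = {"full", "ultimate"}  # owner-trust levels allowed to vouch for others

def find_path(keyring, target_key, target_uid):
    """BFS from (target_key, target_uid) back through its signers to an
    ultimately trusted key. Returns the hops as (key, uid), trusted root
    first (its uid is None) and target last, or None if no path qualifies."""
    start = (target_key, target_uid)
    parent = {start: None}
    queue = deque([start])
    while queue:
        key, uid = node = queue.popleft()
        for signer, signed_uid in keyring[key]["sigs"]:
            if signed_uid != uid or signer not in keyring:
                continue  # signature covers another user id, or unknown signer
            trust = keyring[signer]["trust"]
            if trust not in INTRODUCER:
                continue  # genuine signature, but you do not accept this introducer
            if trust == "ultimate":
                path, hop = [], (signer, None)  # reached a root: unwind parents
                parent[hop] = node
                while hop is not None:
                    path.append(hop)
                    hop = parent[hop]
                return path
            for signer_uid in keyring[signer]["uids"]:
                hop = (signer, signer_uid)
                if hop not in parent:  # visit each key/user-id pair once
                    parent[hop] = node
                    queue.append(hop)
    return None
```

Querying D's user id yields the A, B, C, D chain; Eve's current address has no path because Carol signed only the old one, and Frank has none because Dave is not an accepted introducer.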