Charles Breed <cbreed(_at_)pgp(_dot_)com> writes:
You might want to check out
http://akpublic.research.att.com/~reiter/PathServer/
written by Mike Reiter and Stuart Stubblebine
Thanks; this looks very similar to what I have.
This list will be used for discussing new features and functionality to be
in the next, open, standards-track pgp spec, hopefully from the IETF
working group called open-pgp.
...and, to quote the charter:
- enhanced methods for public pgp key / certificate exchange
(search, retrieval, revocation)
^^^^^^^^^^^^^^^^^
Wolfgang Ley <ley(_at_)cert(_dot_)dfn(_dot_)de> writes:
I don't know why this should be useful. In real life this won't help
[...]
So the real life situation is most probably more like "get the key from
D, add it to your keyring to check if you can verify with your existing
keys/trust definitions". If you can't then have lost because the helper
keys B and C are most probably from people you've never met in person
before and therefor can't judge on their key management to use them
as an introducer. On the other hand (if you're able to make that judge-
ment) then you've met already and the other key is already inside your
keyring to be sure that your trust judgement is really valid for that
person and not just for a key with the name of person you met before.
I beg to differ. Suppose I do the search for D given that I trust A
and it gives me A->B->C->D, and persons B and C turn out to be, for
example, Jeff Schiller and Phil Zimmermann. Now, I might never have
met them before, and I might not have their keys on my keyring (ignore
for the moment that those keys are on the keyring shipped with PGP),
but I know them by reputation. If I can believe person A that the
holder of key B really _is_ Jeff Schiller, then I should be able to
believe Jeff Schiller that the holder of key C really _is_ Phil
Zimmermann, and thus I should be able to believe that person D is
who Phil says he is.
I think the path finder idea is quite useful. It may be that the
results I get from doing the path search don't necessarily work to
directly establish the link to D (i.e., D shouldn't automatically
become completely valid immediately with no further interaction by
me), but I may be able to retrieve some useful keys that I can then
go and manipulate by hand (i.e., adjust the trust levels).
I think most "path finder" ideas do have several drawbacks
+ The only work on key signatures not on the trust levels
Again, I think the path finder can be a good first step, working
on the signatures and giving me the raw materials to manipulate
the trust levels by hand based on knowledge that cannot be
represented in the PGP keyring itself.
+ The programs I've seen are working on key->key->...->key paths and not
on the needed key->key->...->key/userid paths (a signature is always
valid for a key/userid combination, bot for the key only)
Yes; I suppose it would be fairly easy to modify my code to take
a key ID and a userid as input, and only return paths that lead to
the correct userid. (Right now it returns paths that lead to any
userid on the specified key.)
Cheers,
__
Ben Cox
cox(_at_)transarc(_dot_)com
pgpYg2knEYb8b.pgp
Description: PGP signature