my guess is that you are saying that addressing the example scenario
you gave is a design goal of public key distribution and verification.
I meant that PGP's conventional (simple, oldstyle, or whatever :-)
digital signature can use in very simple digital signature scheme. My
scenario will be applied to not only PGP but also almost current
digital signature tools.
I guess that you want more sophisticated digital signature scheme than
current PGP digital signature scheme.
but having a key from the keyserver that might be alice's
key is not enough. olive must also establish that the key is alice's.
Web-of-trust, X.509, and some certification schemes give us the
capability of public key trustness without contacting public-key
owner.
--hironobu