On Mon, Feb 28, 2011 at 09:12:33AM -0500, David Shaw wrote: > Unfortunately, barring the case where you have an actual trust path to either > Martin, key signatures don't tell you much. After all, FM could easily make > up dozens of fake people keys and use them to sign his key.
Yes. Understood. I should have mentioned that. However, as you mentioned in a previous subthread, it isn't difficult to parse the dates of the signatures, identify where they've been held, and grab other metadata. If a key has falsified signatures, it should be easy enough to find out. At least the recursion of grabbing keys from keyservers will be rather short for false sigs. At any event, I digress. -- . o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o
signature.asc
Description: Digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
