> Bernhard's point is that if Alice has a PGP trust path to a hash value > [e.g., if Bob signed some hash value and Alice trusts Bob's key], has > a file whose hash is that value, and the hash function is sufficiently > strong, then Alice may trust that file as well, _regardless of its > origin_. > > That's just the standard property of signatures. If you're on a plane > and someone hands you a signed message that verifies to be from > a trusted key, then you can trust the message is from that key's owner > even if you don't trust whoever handed you the message. Sure but I found it confusing in combination with the quorum logic. If I trust my 12 sock puppets, I can reach any quorum that only requires 5 signatures. Some slightly stronger concept of identity is needed if you go by a logic that says "at least 2 trustworthy rebuilders have to sign" so you don't fall vulnerable to wrench attacks.
signature.asc
Description: OpenPGP digital signature