[TriLUG] Can I trust that key?

[greg at turnstep.com]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
 
> I became curious about how I would go about assigning trust to this
> signature. Not the syntax of the gpg command to assign trust, rather the
> human interaction - the key signing parties - how would I find a chain of
> trust back to Klaus? I could check the fingerprint on a website but the site
> could be hacked.  I won't call Klaus on the phone, but if I did, how would I
> know it was him?  In a trust chain you physically verify ID, human form, and
> pgp key - that makes sense.  But how do you trace a line a trust to someone
> like Klaus?
 
Use a web-based tool, specifically the one at kjsl.com linked to from the
biglumber listings, to check the Web of Trust. I got the following back for
my key:
 
Looking for path from 0x14964AC8 to 0xBA8F038D
7171 nodes examined. 7194 elements in the hash
4 steps from 0x14964AC8 to 0xBA8F038D
0x14964AC8 (Greg Sabino Mullane <greg at turnstep.com>) signs
0x7527701B (J. Brian Coyle <brianc at magicnet.net>) signs
0x9A209C50 (Daniel Luebke <ich at daniel-luebke.de>) signs
0x4A27F015 (Jochen Hein <jochen.hein at delphi.central.de>) signs
0xBA8F038D (Klaus Knopper <knopper at linuxtag.de>) signs
 
Some URLS of interest:
 
http://the.earth.li/~noodles/pathfind.html
http://keyserver.kjsl.com/~jharris/keysigning.html
http://www.biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8
 
You could also google the keyid and see if the key has built up a history.
There are only about 10 hits on google for K.Knopper's key, so that is
not a very strong indication in this case, but at least there is a path
to him (for me, anyway).
 
- --
Greg Sabino Mullane greg at turnstep.com
PGP Key: 0x14964AC8 200312121843
-----BEGIN PGP SIGNATURE-----
 
iD8DBQE/2lPPvJuQZxSWSsgRAv3RAKD+TtJs8oSbyyAf6oySCPomFTIEYQCfeaz1
MhRrjNTaexNBE+bKRDeUo/k=
=J7fe
-----END PGP SIGNATURE-----