
Re: gpg trust paths



[red face]
After commenting on Magnus cc'ing me, I then sent this to him instead
of the list. Oops. Sorry Magnus.
[/red face]

On Thu, 2008-05-15 at 11:00 +0100, Magnus Therning wrote:
> On Thu, May 15, 2008 at 12:17 AM, Richard Hector
> <richard@walnut.gen.nz> wrote:

> > I have signed keys of several people who have been to keysigning parties
> > at several debconfs, so I feel I should have a trust path to anybody of
> > significance in the Debian community - though I could be proved wrong.
> >
> > I've also added the debian keyserver to my ~/.gnupg/options, as well as
> > the keyring from the debian-keyring package.
> >
> > Is there a step I'm missing?
> 
> AFAIU you'd need to have all keys of the entire path locally in your
> keyring in order for GPG to see a trusted path.  If you don't want to
> download all the missing keys you could try a PGP pathfinder on the
> web (there are several that are easily found).

Thanks for the response (though no need to cc me).

However, having downloaded various keys, I can manually find a path with
only 2 intermediate hops.

The pathfinder at http://pgp.cs.uu.nl/ doesn't have Florian Weimer's
key, so can't find the full path, but can find a path to someone who has
signed it.

The bit that puzzles me is that despite me having all 4 keys, gpg
doesn't find a path.

Unless it's the bit about 'trusted' signatures? Perhaps one of those
signatures is insufficiently trustworthy in some sense?

Richard
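
The following is an added example, not part of the original message and not GnuPG's own code: a simplified Python model of the classic PGP trust calculation, showing how a signature chain with two intermediate hops can be fully present in the keyring and still not yield a valid target key. The key names and ownertrust values are constructed; the three thresholds are GnuPG's documented defaults for --marginals-needed, --completes-needed and --max-cert-depth.

```python
# Simplified model of the classic trust calculation (an assumption-labelled
# sketch, not GnuPG's implementation). Thresholds are GnuPG's defaults.
MARGINALS_NEEDED, COMPLETES_NEEDED, MAX_CERT_DEPTH = 3, 1, 5

def valid_keys(own_key, signatures, ownertrust):
    """Return {key: depth} for every key this model considers valid.

    signatures: set of (signer, signee) pairs present in the local keyring.
    ownertrust: {key: "full" | "marginal"}; keys not listed are unknown.
    """
    trust = {**ownertrust, own_key: "ultimate"}
    valid = {own_key: 0}
    for depth in range(1, MAX_CERT_DEPTH + 1):
        newly = {}
        for key in {signee for _, signee in signatures if signee not in valid}:
            # A signature only counts if the signer's key is already valid...
            signers = [s for s, t in signatures if t == key and s in valid]
            # ...and the signer has been assigned ownertrust as an introducer.
            full = sum(trust.get(s) in ("ultimate", "full") for s in signers)
            marginal = sum(trust.get(s) == "marginal" for s in signers)
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                newly[key] = depth
        if not newly:
            break  # no further key can become valid
        valid.update(newly)
    return valid

# Constructed keyring: me -> hop1 -> hop2 -> target (4 keys, 2 intermediate hops).
SIGS = {("me", "hop1"), ("hop1", "hop2"), ("hop2", "target")}

def scenarios():
    return {
        # Signatures exist, but no intermediate key has ownertrust set.
        "no_ownertrust": valid_keys("me", SIGS, {}),
        # Both intermediates are fully trusted introducers.
        "full": valid_keys("me", SIGS, {"hop1": "full", "hop2": "full"}),
        # Last hop is only marginally trusted: one marginal signature < 3.
        "marginal_last_hop": valid_keys(
            "me", SIGS, {"hop1": "full", "hop2": "marginal"}),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:18} target valid: {'target' in result}  {result}")
```

In this model the chain of signatures alone validates only the key signed directly by the owner; every further hop requires ownertrust on the key before it.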


