12 Sep
2011
12 Sep
'11
8:41 p.m.
On Mon, 12 Sep 2011 22:31:59 +0200, Måns Nilsson said:
Since you are from Sweden, and in an IT job, you probably have personal relations to someone who has personal relations to one of the swedes or other nationalities that were present at the key ceremonies for the root. Once you've established that the signatures on the root KSK are good (which -- because of the above -- should be doable OOB quite easily for you) you can start validating the entire chain of trust.
Quite trivial, in fact.
I'll note that the PGP "strongly connected set" has grown all the way to 45,000 or so keys in 2 decades of growth. There are several billion Internet users. What may be workable for Fredrik is probably *not* scalable to Joe Sixpack.