0

Consider this scenario:

  • Alice sends a signed message with her key to BOB.
  • Bob never traded a key with Alice.
  • Alice's key is signed by a certain X.
  • X's key is signed by Y, an entity that BOB trusts.

Is Alice's key valid or not for Bob?

Sunil
  • 3,404
  • 10
  • 23
  • 31
Meelamri
  • 27
  • 6
  • Please add some context on this question. – André Vermeulen Feb 04 '18 at 13:08
  • 3
    Stackoverflow is for [programming questions](https://stackoverflow.com/help/on-topic). Questions about **cryptography** are off-topic for Stack Overflow unless they directly involve tools used primarily for programming. You may be able to get help on [Crypto](https://crypto.stackexchange.com/). – President James K. Polk Feb 04 '18 at 13:32
  • This is about PKI-X, but before answering yes/no you may want to consider that trust is not a black and white thing. – Maarten Bodewes Feb 04 '18 at 16:46
  • 2
    Trick question. The validity of Alice's key does not depend on Bob's decision to trust it or not. – Thomas M. DuBuisson Feb 05 '18 at 05:16
  • As noted, this belongs on either crypto.stackexchange.com or security.stackexchange.com, but before you ask it there, you will need to make it more precise. Make sure you have a very specific meaning for "trust" (trust that the key is theirs? trust that they are a valid introducer? trust that anyone they trust is also trustworthy? Trust as Maarten notes, trust is not a binary thing.) You must also make sure you have a precise meaning for "valid" (as Thomas notes). The short answer is "probably no in most cases, for most common systems," but it highly depends on the specifics. – Rob Napier Feb 09 '18 at 21:41

1 Answers1

0

we trust Y so the X's key is good! But we can not deduce a trust in X. The latter can sign anything and claim that it is the Alice's key.

Meelamri
  • 27
  • 6