Comment Re:The chain of trust is broken. (Score 1) 110
And in this case, the fake key has zero signatures whatsoever. If it had any, they would either be a blob of also-fake unconnected keys, or someone proving his guilt this way.
Just to be pedantic, a fake key may also be signed by a real, correctly-identified individual who had no intention of subterfuge, but who isn't careful about whose keys he or she signs. Of course, once discovered, that person should from then on be distrusted to validate other keys just as much as somebody who deliberately tried to deceive others.
A scarier but less likely possibility would be a malicious actor who creates a forged key for some other person, and then attends key-signing parties where they present forged identification in order to receive legitimate signings of their forged key. It'd be hard to get away with this if the target is an individual with a well-known appearance, like a Schneier or a Wozniak. But if the target is somebody who is just known online by name and not by their physical appearance, then it might not be hard to get legitimate signatures on the forged key by real, well-trusted individuals who simply had no prior knowledge of the target's real appearance. I wouldn't know "the" Gavin Andresen who maintains Bitcoin code from "a" random person named Gavin Andresen, or even an impostor with a good forgery of a government-issued ID card. I've never seen a picture of Gavin that I can recall, so I have no idea of what he looks like.