Translations:GnuPG/122/en

Let's imagine a 3 person situation: John, Mary, and Lisa. John is a good friend of Mary but does not know Lisa; Lisa is a good friend of Mary but does not know John. One day Lisa sends John a signed email. John will fetch Lisa's Public Key from the keyserver and test the message, if all went ok he will see that whoever wrote that message also created that key. But how do I know it was really the person it claims to be?