On Tue, Apr 15, 2008 at 09:37:45AM -0400, Mark H. Wood wrote:
> On Tue, Apr 15, 2008 at 01:23:01PM +0100, Peter Lewis wrote:
> > So I guess my question is: is this a guide for me, and then I should manually
> > set the trust level on key F myself (if I am satisfied that the chains
> > exist), or should gpg do this automatically for me based on the parameters in
> > my gpg.conf? It doesn't seem to be calculating anything automatically at the
> > moment.
>
> What it is meant to do I can't say, but I hope that it does *not*
> assign trust to others' keys automatically.

It does not. When you sign a key, you make that key *valid*, which just means "I believe this key does belong to the person it claims to belong to". When you set *trust* (aka "ownertrust") on that key, you are saying "I believe the person who owns this key makes signatures that I am willing to rely on".

> I may trust B's handling of his own keys, but not trust B's judgments
> about F's handling of *his* keys. The safest thing for gpg to assume
> is that I assign no trust at all until I have instructed it
> otherwise. B's signature on F's key is information that I might take
> into consideration, but I might (for example) decide merely to
> remember that datum and observe F's behavior for a while before
> trusting F's key.

Yep.

David

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
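
Added example, not part of the original thread: the validity/ownertrust split discussed above is visible in `gpg --with-colons --list-keys` output, where field 2 of a `pub` record is the calculated validity and field 9 is the ownertrust you assigned. The sketch below lists keys that are valid but carry no ownertrust (the situation of key F); the sample output and key IDs are constructed, and the function names are hypothetical.

```python
# Constructed sample of `gpg --with-colons --list-keys` output.
# Key IDs and uid hashes are placeholders, not real keys.
SAMPLE = """\
pub:u:2048:1:AAAAAAAAAAAAAAAA:1199145600:::u:::scESC:
uid:u::::1199145600::HASH0::Me <me@example.org>:
pub:f:2048:1:BBBBBBBBBBBBBBBB:1199145600:::f:::scESC:
uid:f::::1199145600::HASH1::B <b@example.org>:
pub:f:2048:1:FFFFFFFFFFFFFFFF:1199145600:::-:::scESC:
uid:f::::1199145600::HASH2::F <f@example.org>:
pub:-:2048:1:CCCCCCCCCCCCCCCC:1199145600:::-:::scESC:
uid:-::::1199145600::HASH3::C <c@example.org>:
"""

# Assumption for this example: only full (f) and ultimate (u) validity
# count as "valid"; marginal (m) validity is treated as not yet valid.
VALID = {"f", "u"}
# Ownertrust values that mean the user has chosen to rely on the owner.
TRUSTED = {"m", "f", "u"}


def parse_keys(text):
    """Return one dict per pub record with its validity and ownertrust."""
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) > 8:
            keys.append({
                "keyid": f[4],
                "validity": f[1] or "-",    # field 2: computed by gpg
                "ownertrust": f[8] or "-",  # field 9: set by the user
                "uids": [],
            })
        elif f[0] == "uid" and keys and len(f) > 9:
            keys[-1]["uids"].append(f[9])   # field 10: user ID string
    return keys


def valid_without_ownertrust(keys):
    """Key IDs gpg considers valid but whose owner has no assigned trust."""
    return [k["keyid"] for k in keys
            if k["validity"] in VALID and k["ownertrust"] not in TRUSTED]


if __name__ == "__main__":
    for keyid in valid_without_ownertrust(parse_keys(SAMPLE)):
        print(keyid, "is valid, but its signatures on other keys are not relied on")
```
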