-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I have a question regarding the way GPG handles the way of trust. Let's say I have four keys (A-D). Key A is my own one, so I trust it ultimately and it is valid by definition. I signed B with A and set B's ownertrust to "full". B signed C, and B trusts C only marginally. C signed D, so it's like:

A->B->C->D

Now, since B is valid (I signed it) and I trust B fully, C will be considered valid, too. But how about D? I can think of three possibilities:

1) Since B is trusted fully, C is also trusted fully (after verifying it with B's signature), and so D is considered valid. This would be *bad* since B originally had only marginal trust in C, and I would now have full trust in C.

2) Since I did not assign an ownertrust to C myself, gpg does not trust C at all and so D is not valid. This would also be kind of bad since I would have to set a whole lot of ownertrusts for my PKI to be established. (For every key to be verified it would have to be signed by at least one key I manually set the ownertrust for.)

3) B's trust in C is included in B's signature and so GPG knows that it should trust C only marginally and searches for other signatures of C, until there are enough for C to be trusted. This would be great!

Which way is implemented in GPG?

Kind regards,
Lukas Barth

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkgTTKAACgkQgsbFi6ZpoGFUywCeNR8iIAxwkU/Yn9zXTNcLgV6o
EEwAoIVn1QFmd0eHXwiPu+acJiN/9Xr0
=J2zP
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
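
Added example, not part of the original message and not GnuPG's own code: a simplified Python model of the classic trust model's validity rule, run on the A->B->C->D chain from the question. It assumes GnuPG's default thresholds and models only full validity; the function and variable names are hypothetical.

```python
# Simplified model of GnuPG's classic trust model (illustrative, not GnuPG code).
# Ownertrust is a value the local user assigns in their own trust database; an
# ordinary key certification does not carry the signer's ownertrust in the signee.
COMPLETES_NEEDED = 1  # GnuPG default for --completes-needed
MARGINALS_NEEDED = 3  # GnuPG default for --marginals-needed
MAX_CERT_DEPTH = 5    # GnuPG default for --max-cert-depth

def valid_keys(signatures, ownertrust):
    """Return the set of keys considered fully valid.

    signatures: dict mapping signer -> set of keys that signer certified
    ownertrust: the local user's assignments ("ultimate", "full", "marginal");
                keys missing from it have unknown ownertrust and count for nothing.
    """
    valid = {k for k, t in ownertrust.items() if t == "ultimate"}
    for _ in range(MAX_CERT_DEPTH):
        newly = set()
        for key in set().union(*signatures.values()) - valid:
            # Only certifications made by already-valid keys are considered.
            signers = [s for s, signed in signatures.items()
                       if key in signed and s in valid]
            full = sum(ownertrust.get(s) in ("full", "ultimate") for s in signers)
            marginal = sum(ownertrust.get(s) == "marginal" for s in signers)
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                newly.add(key)
        if not newly:
            break
        valid |= newly
    return valid

# Constructed data: the certification chain from the question.
CHAIN = {"A": {"B"}, "B": {"C"}, "C": {"D"}}

def scenario(c_ownertrust=None):
    """Validity set when the local user gives C the stated ownertrust (or none)."""
    trust = {"A": "ultimate", "B": "full"}
    if c_ownertrust:
        trust["C"] = c_ownertrust
    return valid_keys(CHAIN, trust)

if __name__ == "__main__":
    for c_trust in (None, "marginal", "full"):
        print(f"ownertrust(C)={c_trust}: valid = {sorted(scenario(c_trust))}")
```

In this model D becomes valid only once the local user assigns C full ownertrust, or C is one of three valid, marginally trusted signers of D.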