On 18/01/17 03:03, David Shaw wrote: > > Can you post the actual user IDs of the keys you are testing with (or a > similar example.com set) so I can try them as well?
Hi David, I have written a test shell script to experiment with trust signatures. The script is at https://git.io/vMXMQ There are six participants: 'myself', who knows 'introducer' who knows 'alice' and 'blake'. 'blake' knows 'chloe' and 'david' 'introducer' signs 'alice' and trust-signs 'blake', who signs 'chloe' and 'david' 'myself' trust-signs 'introducer' I'm working on the belief that: (a) by trust-signing introducer at level 1, any keys certified by introducer (i.e. alice and blake) become valid for me. (b) by trust signing introducer at level 2 I extend (a) so that any keys certified by a key trust-certified by introducer (blake) also become valid for me (chloe and david). (c) by trust signing with a domain restriction I limit the scope of (a) and (b) but it is not clear to me how this applies. I think things look ok up to step 9 and point (a) and (b) appear to work as I expect but (c) doesn't. I'd really appreciate some feedback about what is happening in: step 10 (trust level 1 restricted to example.org) step 14 (trust level 2 restricted to example.org) step 16 (trust level 2 restricted to example.es) It would appear that any domain restriction disables trust completely! My test output is at https://git.io/vMXDa Much appreciated. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
