Hi Phil,

On Fri, 22 Oct 2021 17:00:11 +0200, Phil Pennock via Gnupg-users wrote:
> When evaluating the trust we have in the identity attached to a key, I
> often see "WARNING: We have NO indication whether the key belongs to the
> person named as shown above"; at the same time, `--with-key-origin` for
> the very same key will show "origin=wkd".
>
> GnuPG uses the trust-model option to decide how to evaluate the trust we
> have in a key. I've looked through the options, and checked the release
> notes for the 2.3.x series to confirm nothing new there.
>
> I'm currently using "trust-model tofu+pgp"/"tofu-default-policy unknown"
>
> I think what I _want_ is `trust-model pgp+federated+tofu`, which means,
> in order: (1) any sigs from the WoT; (2) origin information from the
> key, if the origin shows the key was safely retrieved from a federated
> origin in a provable way (WKD, various DNSSEC storage options, etc); (3)
> TOFU as a fallback if there's nothing better.
>
> I might even just want `trust-model pgp+federated` if I'm feeling more
> cautious. But in reality tofu helps a little.
>
> Does this make sense to people? Is there a security problem with this?
> Does this seem like a reasonable feature request?
This absolutely makes sense. One way to model this in the web of trust is to imagine that you have a "WKD key," which you consider a partially trusted introducer, and which certifies keys that you retrieve via WKD. Practically, it's a bit more complicated using the available mechanisms. :)

Neal

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users