[gnupg] trustdb problems, con't
Werner Koch
wk at isil.d.shuttle.de
Wed Jan 27 14:35:43 CET 1999
Thomas Roessler <roessler at guug.de> writes:
> With PGP, we get four IDs with marginal validity, and the key won't
> be used as an "introducer" - which is safe [2]. With gnupg, we get
> a key with four marginally trusted certificates which lead to full
> validity of the key. It will be used as an introducer, just like a
So you found a bug. The code should remove all duplicate signators of
a key and only evalutate one.
> full_count/full_needed + marginal_count/marginals_needed >= 1
Maybe. The TODO ays that this code must be tested much more.
> some kind of weight for the owner's trust. For a clean approach
> to the web of trust, including recommendations, see Maurer's
> paper "Modelling a public key infrastructure". (Thanks to gec
I know this paper and originally I intended to do this - I have not
yet found the time for it and so I think we should go with PGP
approach for a while.
Werner
More information about the Gnupg-devel
mailing list