trust value semantics

Joel N. Weber II devnull at
Wed Nov 13 03:34:01 CET 2002

For ssh, my current assumption is that for a host key, you want to
only accept openpgp-web-of-trust trusted host keys (I could imagine a
theoretical case where you might want to also accept a key whose
fingerprint is in known_hosts, but I don't entirely understand why you
wouldn't just use a bare ssh key for that, unless, I suppose, your
sysadmin were some sort of fascist bastard who thought that allowing
connections by methods that nobody verifies correctly shouldn't be
accepted); for the authorized_keys file, if you've put a fingerprint
in that file, you already know that you trust that key, and you
probably don't need a web of trust to remind you of that.

It's obvious, in verifying a host key, that I need to check the trust
value of the uid, since it's entirely possible for some uids to
collect more signatures than others, and that can actually be

What's less obvious is whether I need to care about the public key or
subkey trust value.  The key question, I think, is whether there's a
guarantee that any subkeys I see in the output of a command like the
one below do in fact belong to the public key: whether the primary
public key has signed the subkeys.  If that guarantee exists (and I
*think* that the way --import works, that guarentee does exist), then
I can just check the trust values on uids, and not worry about trust
on public keys and subkeys; otherwise, I'm not entirely sure how to
check that the subkeys I might want to use actually belong to that
primary public key.

xanthine:~$ gpg --fingerprint --fingerprint --with-colons --fixed-list-mode A15156F7C47A96665CBA480490C6EAC5143D2FE3
uid:q::::::::xanthine <sshd at>:
uid:q::::::::xanthine <sshd at>:

More information about the Gnupg-devel mailing list