Documentation request: gpg 1.3.5
npcole at yahoo.co.uk
Mon Mar 1 13:52:49 CET 2004
Could I make a request for clear documentation of the
'new' trust model -- ie. the support in the
development versions for "trust signatures"?
For myself, I understand the basic principle (though
in my view this is not clearly enough stated in the
docs as far as I can see), but am very unclear about
what happens in practice. For example:
Suppose Alice and Brian are keys I trust fully to
introduce others. They both sign Fred's key with
trust signatures. Alice trusts him fully, while Brian
has only marginal trust. What level of trust does my
software now asign Brian's key?
If I read rfc2440 right (and perhaps I don't, of
course!) a trust signature might specify a trust level
of zero (I know that the gpg ui does not allow this).
So I could have two people whose judgement I depend
upon, who have different views of Fred's reliability.
Does gpg just resolve this by using the highest trust
value? (the only alternatives I can see would be to
either use the lowest trust value, or to average out
Sorry for the slightly confused questions. Am still
trying to work out all the implications of the new
Yahoo! Messenger - Communicate instantly..."Ping"
your friends today! Download Messenger Now
More information about the Gnupg-devel