the "pgp" trust model: the relationship between classic ownertrust designation and trust signatures

[Daniel Kahn Gillmor]

On 04/29/2009 04:36 PM, David Shaw wrote:
> A classic signature is exactly equivalent to a level 0 trust signature. 
> It means (more or less) "I assert this user ID matches the right
> human".  A classic signature + setting ownertrust (i.e. "I assert this
> user ID matches the right human and I also trust them to make good key
> signatures"), as you've noted, is effectively a level 1 non-exportable
> signature, which makes the same statement in a slightly different way.

Thanks, this is very clear!

> Classic ownertrust cannot be an infinite level of validity - that would
> imply that if Alice (owner)trusts Baker, she would find that Zenobia
> (many hops away from Baker) is valid even though she has no ownertrust
> set for Charlie, David, Egbert, Frankie, George, etc, etc.

This would only be true if Bob himself *published* an infinite trust
signature on Charlie, etc.  My original thought was that it was
equivalent to an infinite *local* tsig, though, which wouldn't result in
the same chain.

Also, wouldn't --max-cert-depth (default: 5) kick in before we reach
Zenobia?

Does --max-cert-depth have any meaning outside of the "pgp" trust model
for gpg?  If not, why do we need it as an explicitly separate value,
since each trust signature made by the ultimately-trusted key would
imply a more-specific cert-depth limit anyway?

> Carol is a trusted introducer to Bob, not to Alice.  If Alice signed Bob
> with a level 2 or above signature (thus granting Bob meta-introducer
> status (i.e. an introducer of trusted introducers) then David should be
> fully valid to Alice.

Gotcha.  That does work.  It's gradually making more sense.

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090429/1635eaad/attachment.pgp>