the "pgp" trust model: the relationship between classic ownertrust designation and trust signatures
dshaw at jabberwocky.com
Wed Apr 29 23:21:07 CEST 2009
On Apr 29, 2009, at 4:58 PM, Daniel Kahn Gillmor wrote:
> On 04/29/2009 04:36 PM, David Shaw wrote:
>> Classic ownertrust cannot be an infinite level of validity - that
>> imply that if Alice (owner)trusts Baker, she would find that Zenobia
>> (many hops away from Baker) is valid even though she has no
>> set for Charlie, David, Egbert, Frankie, George, etc, etc.
> This would only be true if Bob himself *published* an infinite trust
> signature on Charlie, etc. My original thought was that it was
> equivalent to an infinite *local* tsig, though, which wouldn't
> result in
> the same chain.
I see what you were going for now. An (implied) infinite trust
signature from Alice on Baker would be a fairly dangerous thing. It
gives Baker vastly more power than he would have in the classic trust
model. In classic, he could just sign one level down from himself.
In pgp, he could make introducers of introducers of introducers, down
to whatever level he wanted. For safety, it's best to require Alice
to explicitly grant that kind of power.
> Does --max-cert-depth have any meaning outside of the "pgp" trust
> for gpg? If not, why do we need it as an explicitly separate value,
> since each trust signature made by the ultimately-trusted key would
> imply a more-specific cert-depth limit anyway?
--max-cert-depth is used in both the classic and pgp trust models. In
both cases it just puts a cap on the calculations, using the idea that
the further you get away from the ultimately trusted key, the less
likely you are to trust that signer. You are right that a "pure"
trust model does imply a --max-cert-depth of infinity. It's just that
we don't live in a pure world.
More information about the Gnupg-devel