the "pgp" trust model: the relationship between classic ownertrust designation and trust signatures
David Shaw
dshaw at jabberwocky.com
Wed Apr 29 23:21:07 CEST 2009
On Apr 29, 2009, at 4:58 PM, Daniel Kahn Gillmor wrote:
> On 04/29/2009 04:36 PM, David Shaw wrote:
>>
>> Classic ownertrust cannot be an infinite level of validity - that would
>> imply that if Alice (owner)trusts Baker, she would find that Zenobia
>> (many hops away from Baker) is valid even though she has no ownertrust
>> set for Charlie, David, Egbert, Frankie, George, etc, etc.
>
> This would only be true if Bob himself *published* an infinite trust
> signature on Charlie, etc. My original thought was that it was
> equivalent to an infinite *local* tsig, though, which wouldn't result in
> the same chain.

I see what you were going for now. An (implied) infinite trust
signature from Alice on Baker would be a fairly dangerous thing. It
gives Baker vastly more power than he would have in the classic trust
model. In classic, he could just sign one level down from himself.
In pgp, he could make introducers of introducers of introducers, down
to whatever level he wanted. For safety, it's best to require Alice
to explicitly grant that kind of power.

> Does --max-cert-depth have any meaning outside of the "pgp" trust model
> for gpg? If not, why do we need it as an explicitly separate value,
> since each trust signature made by the ultimately-trusted key would
> imply a more-specific cert-depth limit anyway?

--max-cert-depth is used in both the classic and pgp trust models. In
both cases it just puts a cap on the calculations, using the idea that
the further you get away from the ultimately trusted key, the less
likely you are to trust that signer. You are right that a "pure"
trust model does imply a --max-cert-depth of infinity. It's just that
we don't live in a pure world.
David
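
The difference discussed in this thread, as an added example that is not part of the original message and is not GnuPG's trustdb code: a simplified chain model comparing how far validity reaches under classic ownertrust, under trust signatures of a given depth, and with a --max-cert-depth cap. The chain, the function names, and the assumptions that every introducer is fully trusted and one certification suffices are constructed for illustration.

```python
# Simplified model (an assumption, not GnuPG's implementation): keys form one
# chain, each key certifying the next. Alice holds the ultimately trusted key.
INF = float("inf")
CHAIN = ["Alice", "Baker", "Charlie", "David", "Egbert", "Frankie", "George"]  # constructed

def classic_valid(chain, ownertrust, max_cert_depth):
    """Classic model: a key is valid when certified by a valid key that
    Alice has locally marked as a trusted introducer (ownertrust)."""
    valid = [chain[0]]
    for hops in range(1, len(chain)):
        signer = chain[hops - 1]
        if hops > max_cert_depth:
            break  # cap on the calculation, independent of trust settings
        if signer != chain[0] and signer not in ownertrust:
            break  # signer is valid but not an introducer for Alice
        valid.append(chain[hops])
    return valid

def pgp_valid(chain, tsig_depth, max_cert_depth):
    """pgp model: tsig_depth[i] is the trust-signature depth chain[i] put on
    chain[i+1] (0 = plain certification). Delegated power drops by one per
    hop and can never exceed what the signer itself was granted."""
    valid = [chain[0]]
    power = INF  # Alice's own key is ultimately trusted
    for hops in range(1, len(chain)):
        if hops > max_cert_depth or power < 1:
            break
        valid.append(chain[hops])
        power = min(power - 1, tsig_depth[hops - 1])
    return valid

if __name__ == "__main__":
    # Classic: ownertrust on Baker only, so Baker signs one level down.
    print("classic        ", classic_valid(CHAIN, {"Baker"}, 5))
    # pgp, depth-1 tsig on Baker: same reach as classic ownertrust.
    print("pgp depth 1    ", pgp_valid(CHAIN, [1, 0, 0, 0, 0, 0], 5))
    # pgp, infinite tsigs all the way down: only max-cert-depth stops it.
    print("pgp inf, cap 5 ", pgp_valid(CHAIN, [INF] * 6, 5))
    print("pgp inf, cap 10", pgp_valid(CHAIN, [INF] * 6, 10))
```

In this model a depth-1 trust signature reproduces the classic result, while an unbounded one lets every key down the chain become valid until the depth cap cuts the calculation off.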