the "pgp" trust model: the relationship between classic ownertrust designation and trust signatures
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Apr 29 23:29:18 CEST 2009
On 04/29/2009 05:21 PM, David Shaw wrote:
> An (implied) infinite trust
> signature from Alice on Baker would be a fairly dangerous thing. It
> gives Baker vastly more power than he would have in the classic trust
> model. In classic, he could just sign one level down from himself. In
> pgp, he could make introducers of introducers of introducers, down to
> whatever level he wanted. For safety, it's best to require Alice to
> explicitly grant that kind of power.
This reasoning makes a lot of sense, and i'm glad that gnupg implements
it this way now that it's been explained to me. :P
>> Does --max-cert-depth have any meaning outside of the "pgp" trust model
>> for gpg? If not, why do we need it as an explicitly separate value,
>> since each trust signature made by the ultimately-trusted key would
>> imply a more-specific cert-depth limit anyway?
>
> --max-cert-depth is used in both the classic and pgp trust models.
How does max-cert-depth work in the classic trust model? I'm afraid i
don't understand how a chain of length > 1 can exist in that model.
What am i missing?
> You are right that a "pure" trust
> model does imply a --max-cert-depth of infinity. It's just that we
> don't live in a pure world.
Should there be warnings, then, when issuing a trust-sig with a level
greater than max-cert-depth? Or should you need to have --expert
enabled to do so? There's no current indication that creating such a
signature won't have the intended effect.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090429/35e4d96b/attachment.pgp>
More information about the Gnupg-devel
mailing list