the "pgp" trust model: the relationship between classic ownertrust designation and trust signatures

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat May 2 17:02:07 CEST 2009


On 05/02/2009 10:41 AM, David Shaw wrote:
> On Apr 29, 2009, at 5:29 PM, Daniel Kahn Gillmor wrote:
>> How does max-cert-depth work in the classic trust model?  I'm afraid i
>> don't understand how a chain of length > 1 can exist in that model.
>> What am i missing?
> 
> It's not really a chain in the pgp trust model sense.  Take the example
> of a simple row of keys that sign the next key: Alice signs Baker who
> signs Charlie who signs David who signs Edgar who signs Gloria.  Alice
> then gives full ownertrust to Baker, Charlie, David, and Edgar.  End
> result is that Gloria is fully valid, *if* the max-cert-depth is deep
> enough to cover her, if not, then Edgar's signature has no effect.

Ah, i see.  So it's measured from the nearest key/uid directly signed by
an ultimately-trusted key, right?  In the above scenario, if Gloria was
one hop too many (i.e. if max-cert-depth was 3), were Alice to sign
Charlie's key/uid in addition to having marked the key with full
ownertrust, then Gloria's key/uid would have full calculated validity.
Do i have that right?

> It's hard to do that since the two concepts live on the opposite sides
> of the key signing "transaction".  The signer picks the trust-sig
> levels, but the recipient has their own personal choice for
> max-cert-depth, and each recipient can pick a different one.
> 
> GPG handles this by letting the signer issue signatures as if
> max-cert-depth was always infinite ("this is the validity I choose to
> grant"), but allows the recipient to trim that down to whatever they
> like ("this is what I will accept").  The default max-cert-depth is 5.

OK, i understand the reasoning here.  It still seems to me like it would
usually be unreasonable for a person whose own max-cert-depth was 5 to
issue a tsig with depth > 5 (which is why i suggested a warning rather
than disabling the feature), but i see how it might come in handy in
some circumstances.

Thanks for the explanations of these concepts, David.  It's very helpful.

Regards,

	--dkg
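Added illustration (not part of the thread, and not GnuPG's code): a small Python model of the ownertrust plus max-cert-depth computation David describes, run over the Alice, Baker, Charlie, David, Edgar, Gloria chain. The depth convention is an assumption of this model: an ultimately trusted key sits at depth 0, a key certified by a valid key carrying full ownertrust sits one level deeper, and a key counts as fully valid only when its shortest depth is at most max-cert-depth. Marginal ownertrust and trust signatures are left out, and the model does not claim to reproduce GnuPG's exact depth counting; it only shows why the recipient's cap, not the signer, decides how far validity reaches, and why an extra direct certification from the ultimately trusted key shortens the chain.

```python
"""Toy model of the GnuPG 'classic' trust model (ownertrust + max-cert-depth).

Constructed example, not GnuPG code.  Assumed convention: an ultimately
trusted key has depth 0; a key certified by a valid key that carries full
ownertrust is one level deeper; a key is fully valid only if its shortest
depth is <= max_cert_depth.  Marginal ownertrust is ignored.
"""
from collections import deque

ULTIMATE = "ultimate"
FULL = "full"


def compute_validity(certs, ownertrust, max_cert_depth):
    """Return {key: depth} for every key that ends up fully valid.

    certs:      iterable of (signer, signee) pairs, meaning signer certified
                signee's key/uid.
    ownertrust: {key: "ultimate" | "full"}; keys absent from the dict are
                not trusted to introduce anyone, however valid they are.
    """
    signed_by = {}
    for signer, signee in certs:
        signed_by.setdefault(signer, []).append(signee)

    # Ultimately trusted keys are valid by definition and start the search.
    depth = {k: 0 for k, t in ownertrust.items() if t == ULTIMATE}
    queue = deque(depth)

    # Breadth-first search: the first time a key is reached is also its
    # shortest chain, so 'depth' always holds the minimum.
    while queue:
        key = queue.popleft()
        # A valid key only propagates validity if the *recipient* trusts it
        # to certify others (ownertrust), not merely because it is valid.
        if ownertrust.get(key) not in (ULTIMATE, FULL):
            continue
        # The recipient's cap: certifications made at the last allowed level
        # have no effect, exactly like Edgar's signature on Gloria.
        if depth[key] >= max_cert_depth:
            continue
        for signee in signed_by.get(key, []):
            if signee not in depth:
                depth[signee] = depth[key] + 1
                queue.append(signee)
    return depth


# Constructed scenario from the thread: a straight row of certifications.
CHAIN = [
    ("Alice", "Baker"),
    ("Baker", "Charlie"),
    ("Charlie", "David"),
    ("David", "Edgar"),
    ("Edgar", "Gloria"),
]
# Alice is the local (ultimately trusted) key and grants full ownertrust to
# everyone in the row except Gloria.
TRUST = {"Alice": ULTIMATE, "Baker": FULL, "Charlie": FULL,
         "David": FULL, "Edgar": FULL}


def gloria_valid(max_cert_depth, extra_certs=()):
    """True if Gloria is fully valid for a recipient using this cap."""
    certs = list(CHAIN) + list(extra_certs)
    return "Gloria" in compute_validity(certs, TRUST, max_cert_depth)


if __name__ == "__main__":
    for cap in (5, 4):
        print(f"max-cert-depth {cap}: Gloria valid = {gloria_valid(cap)}")
    # Alice additionally certifies Charlie directly: the chain to Gloria
    # gets one level shorter, so a cap that was one hop too small now works.
    print("max-cert-depth 4, Alice also signs Charlie:",
          gloria_valid(4, [("Alice", "Charlie")]))
```

With the default cap of 5 Gloria is reached at depth 5 and is valid; with a cap of 4 Edgar's certification is one hop past the limit and has no effect, and a direct Alice-to-Charlie certification brings Gloria back to depth 4. Gloria herself carries no ownertrust, so anyone she certifies stays unknown no matter how large the cap is.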
