Trust Signature and Trust Level Bug
Nicholas Cole
nicholas.cole at gmail.com
Sat Aug 13 12:07:54 CEST 2011
On Sat, Aug 13, 2011 at 3:03 AM, Daniel Kahn Gillmor
[snip]
> Could you open a ticket at
> https://bugs.g10code.com/ to record your observation and any proposed
> changes in behavior?
Dear David,
I've opened a bug -
https://bugs.g10code.com/gnupg/issue1361
I've slightly expanded the write-up there, and included a more
extended discussion.
Where a user specifies two logically inconsistent things, the question
is which one to honour. Given the typical use-cases for trust
signatures, I think it makes sense to honour the trust signature,
which is in line with gpg's current operation.
However, it is clearly a security issue if a trust signature can
trick/force a user to end up trusting a key for cases not intended by
the trust signature. I'm sure this a case of the User Interface
trying to be too clever, rather than a more serious underlying issue.
Best wishes,
Nicholas
More information about the Gnupg-devel
mailing list