A Probabilistic Trust Model for GnuPG (2006)

Nicholas Cole nicholas.cole at gmail.com
Wed Dec 12 13:29:03 CET 2012


On Wed, Dec 12, 2012 at 3:01 AM, Robert J. Hansen <rjh at sixdemonbag.org> wrote:
> On 12/11/2012 2:39 AM, remo.hertig at bluewin.ch wrote:
>> Why was this functionality never implemented?
>
> I also forgot to mention: it was never implemented because it would
> break the OpenPGP spec.
>
> If you want to see this included, your best bet is to argue on the IETF
> OpenPGP Working Group mailing list for it to be added to the next
> revision of the OpenPGP standard.

In fact, the OpenPGP standard DOES allow for fine-grained levels of
trust, or could be easily extended to do so - it's just that having
120 (or 255) levels of trusted introducer is of very marginal value.
It is hard to think of a real-world case where the 2 we have wouldn't
do.

What this proposal wanted to do was to introduce the idea that
marginal levels of trust in the web of trust might nevertheless result
in a key that was "probably good enough".

While an interesting proposal to reflect upon, this proposal is not a
useful or sensible one, and I'm glad that it has been mostly
forgotten.

Best wishes,

N.



More information about the Gnupg-devel mailing list