gpg: return value, validity vs trust
Hauke Laging
mailinglisten at hauke-laging.de
Sat Dec 13 22:43:46 CET 2014
Am Sa 13.12.2014, 19:39:00 schrieb Anish R Athalye:
> Unfortunately, valid != trusted.
>
> In terms of security, validity means almost nothing.
Once more the terminology is the problem.
What you mean with "valid" is called "correct". Validity is a key
status. A "valid signature" is a signature by a valid key. A key usually
becomes valid by getting signed.
"Trust" refers to owner trust (certification trust). Setting owner trust
to "ultimate" makes a key valid. Apart from that "trust" is not related
to (data) signature checking.
A few months ago we had here a discussion about an improved terminology.
IIRC "accepted" was preferred over "valid".
Hauke
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 603 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20141213/d020a041/attachment-0001.sig>
More information about the Gnupg-devel
mailing list