GnuPG Web-of-Trust calculations based on trust-signatures don't add up (T7611)
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed May 7 01:36:28 CEST 2025
On Tue 2025-05-06 23:04:40 +0200, Simon Josefsson wrote:
> Daniel Kahn Gillmor via Gnupg-devel <gnupg-devel at gnupg.org> writes:
>
>> - I generally expect WoT calculations to be cumulative or additive in
>> some sense.
>
> I think that may be a fundamental problem.
I should probably have said "potentially corroborative" or something. I
didn't mean to imply that every additional certification *must* increase
calculated validity, only that i don't expect additional certifications
to *reduce* validity.
In your discussion below, i think you're using the term "trust" to mean
both "calculated validity" (how much do i believe this certificate
belongs to the claimed User ID?) and "assigned ownertrust" (how much am
i willing to rely on cryptographic identity certifications made by this
key?)
In your sharp observation i think you're talking about the "validity" of
two *different* names associated with a single underlying cryptographic
identity.
> So I don't think identity trust calculations must generally always be
> additive when given more information.
Right, i can see how that is an interesting counter-point: two mutually
conflicting identity assertions about the same underlying principal
should make either identity assertion *less* confident than it was
before.
I don't know of any WoT implementation that includes this kind of
heuristic, but i can see why it might be desirable.
For the sake of the discussion here though, i was talking about how to
think about certifications that all *agree* on the uid+key binding
(validity), but maybe differ in degree of trust asserted.
I had worked from the following observations:
- three certifications from "marginally trusted" certifiers add up to
full calculated validity for the subject.
- a certification from a "fully trusted" certifier *also* endows the
subject with full calculated validity.
- one certification from a "fully trusted" certifier plus another
certification from a "marginally trusted" certifier *also* endows the
subject with full calculated validity. (i think -- i'm realizing now
that i haven't explicitly tested this claim which i thought was
non-controversial)
- a "full" tsig at depth N results in the subject being a fully-trusted
certifier with depth N-1.
From the above, i'd assumed that
- the one "marginal" tsig at depth N plus one "full" tsig at identical
depth N would result in a fully-trusted certifier with depth N-1.
But this last thing appears to not be the case.
--dkg
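To make the arithmetic in the message concrete, here is a small Web-of-Trust model written as an added example for this archive page. It is not GnuPG's trustdb code and does not claim to reproduce what gpg actually computes; it encodes the rules the message lists (three "marginal" certifiers or one "full" certifier yield full validity; a full tsig at depth N yields a fully trusted certifier at depth N-1) together with one assumption, stated in the code, for combining several trust signatures on the same subject: their amounts (60 for marginal, 120 for full) are summed. Under that assumption the final case in the message, one marginal tsig plus one full tsig at the same depth, comes out "fully trusted at depth N-1", i.e. the expectation the message says gpg does not meet. The key names ("me", "A", "B", "X", "K0"...), the Cert/Trust data shapes, the 255 depth given to the ultimate key, and the rule that only fully or ultimately trusted certifiers propagate tsig trust are all assumptions made for illustration.

```python
"""Toy Web-of-Trust calculator for the expectations in the message above.
Added example, not GnuPG's trustdb code.  Encodes: 3 marginal certifiers or
1 full certifier => valid; full tsig at depth N => fully trusted certifier
at depth N-1; and an ASSUMED additive rule for several tsigs on one subject
(amounts 60 marginal / 120 full are summed).  Key names are made up."""
from dataclasses import dataclass

MARGINALS_NEEDED = 3   # gpg default for --marginals-needed
COMPLETES_NEEDED = 1   # gpg default for --completes-needed
AMOUNT = {"marginal": 60, "full": 120}   # assumed tsig trust amounts
RANK = {"none": 0, "marginal": 1, "full": 2, "ultimate": 3}


@dataclass(frozen=True)
class Cert:
    certifier: str
    subject: str
    level: str = "none"   # "none" = plain certification; "marginal"/"full" = tsig
    depth: int = 0        # tsig depth; 0 for a plain certification


@dataclass(frozen=True)
class Trust:
    level: str            # "none", "marginal", "full", "ultimate"
    depth: int = 0        # remaining tsig hops this trust may propagate through


def compute(ownertrust, certs):
    """Return (valid_keys, effective_trust); iterate to a fixed point.
    Validity and trust only ever grow, so the loop terminates."""
    trust = dict(ownertrust)
    valid = {k for k, t in trust.items() if t.level == "ultimate"}
    changed = True
    while changed:
        changed = False
        for s in {c.subject for c in certs}:
            if s not in valid and _valid(s, valid, trust, certs):
                valid.add(s)
                changed = True
            if s in ownertrust:          # explicit ownertrust wins over tsigs
                continue
            new = _propagated(s, valid, trust, certs)
            cur = trust.get(s, Trust("none"))
            if new and (RANK[new.level], new.depth) > (RANK[cur.level], cur.depth):
                trust[s] = new
                changed = True
    return valid, trust


def _valid(subject, valid, trust, certs):
    """Count certifications on `subject` from valid, trusted certifiers."""
    marginals = completes = 0
    for c in certs:
        if c.subject == subject and c.certifier in valid:
            lvl = trust.get(c.certifier, Trust("none")).level
            completes += lvl in ("full", "ultimate")
            marginals += lvl == "marginal"
    return completes >= COMPLETES_NEEDED or marginals >= MARGINALS_NEEDED


def _propagated(subject, valid, trust, certs):
    """Trust conferred on `subject` by tsigs from valid, fully/ultimately
    trusted certifiers with depth left (assumption: amounts add up)."""
    amount = depth = 0
    for c in certs:
        t = trust.get(c.certifier, Trust("none"))
        if (c.subject == subject and c.depth >= 1 and c.certifier in valid
                and t.level in ("full", "ultimate") and t.depth >= 1):
            amount += AMOUNT.get(c.level, 0)
            depth = max(depth, min(c.depth, t.depth) - 1)   # assumed: N -> N-1
    if amount >= AMOUNT["full"]:
        return Trust("full", depth)
    return Trust("marginal", depth) if amount >= AMOUNT["marginal"] else None


def run(certs, extra_ownertrust=None):
    """Evaluate with 'me' as the only ultimate key (assumed unbounded depth)."""
    ownertrust = {"me": Trust("ultimate", 255), **(extra_ownertrust or {})}
    return compute(ownertrust, certs)


def validity_via_certifiers(levels):
    """Is X valid when certified by one certifier per entry of `levels`,
    each directly certified by 'me' and given that explicit ownertrust?"""
    names = [f"K{i}" for i in range(len(levels))]
    certs = [Cert("me", n) for n in names] + [Cert(n, "X") for n in names]
    valid, _ = run(certs, {n: Trust(l) for n, l in zip(names, levels)})
    return "X" in valid


def full_tsig(n):
    """'me' issues a full tsig at depth n on A; A plainly certifies X."""
    valid, trust = run([Cert("me", "A", "full", n), Cert("A", "X")])
    return trust["A"], "X" in valid


def marginal_plus_full_tsig(n):
    """Two fully trusted certifiers at depth n: one issues a marginal tsig
    at depth n on X, the other a full tsig at depth n on X."""
    certs = [Cert("me", "A", "full", n + 1), Cert("me", "B", "full", n + 1),
             Cert("A", "X", "marginal", n), Cert("B", "X", "full", n)]
    return run(certs)[1]["X"]
```

Calling `validity_via_certifiers(["marginal"] * 3)`, `validity_via_certifiers(["full"])` and `validity_via_certifiers(["full", "marginal"])` reproduces the three validity observations; `validity_via_certifiers(["marginal"] * 2)` is the negative control. `full_tsig(2)` gives A full trust at depth 1 and makes X valid, and `marginal_plus_full_tsig(2)` gives X full trust at depth 1, which is the outcome the message expected and reports not seeing from gpg. The interesting part of the bug report is precisely where the real implementation departs from a model like this one, so the model is a way to state the expectation, not evidence about gpg's behaviour.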