GnuPG Web-of-Trust calculations based on trust-signatures don't add up (T7611)

Simon Josefsson simon at josefsson.org
Wed May 7 10:54:26 CEST 2025


Daniel Kahn Gillmor via Gnupg-devel <gnupg-devel at gnupg.org> writes:

>> So I don't think identity trust calculations must generally always be
>> additive when given more information.
>
> Right, i can see how that is an interesting counter-point: two mutually
> conflicting identity assertions about the same underlying principal
> should make either identity assertion *less* confident than it was
> before.

No, I didn't mean that the two IDs provide assertions that conflict, and
I see now that my example was unclear and gave that impression.  While
it may appear that way, I don't believe one passport for a person with
name X and a driver's license for the same person with name Y is
necessarily asserting anything that conflicts.  A person can have
multiple names at different points in time, and it is common for people
to have multiple valid names at the same point in time too.  When
mapping this to a digital world, I think it is reasonable to give full
confidence to a simple chain of assertion claims, but less confidence to
a more complex chain.  Which seems somewhat similar to the example you
gave.  And more in line with common human trust confidence behaviour --
if you only have one person available for trust, you have no choice but
to trust 100%, but if another person comes along you could trust 99%/1%
or 50%/50% depending on properties.  Mapping human trust calculations
into anything digital seems hard, though, and my head hurts when I try
to map any of this into PGP WoT principles.  But I'm not certain that
finding surprising examples is always a bug.

/Simon