Using "ultimate" Owner Trust

David Shaw
Thu Aug 15 13:39:01 2002

On Thu, Aug 15, 2002 at 01:59:19AM -0700, David Scribner wrote:
> --- Lionel Elie Mamane <> wrote:
> > On Wed, Aug 14, 2002 at 07:54:54PM -0700, David Scribner wrote:
> > 
> > > When (and why) would someone assign an owner trust level of
> > > "ultimate" to someone else's key?
> > 
> > It is your key, but you don't have the corresponding secret key on
> > *this* computer, because it is a "high-security" key you keep only on
> > a secure network? That would be a good reason to have ultimate trust
> > in a key you don't have the secret key of in your keyring.
> > 
> > -- 
> > Lionel
> Yes, the scenario you offered I clearly understand, and was
> aware of. However, with regards to that particular question I
> was wondering:
> When (and why) would someone assign an owner trust level of
> "ultimate" to someone _else's_ key? (aside from a server script
> scenario for example)

Think of it as one more tool in the key management toolbox.  There are
often multiple ways of doing something, and different people like
different methods.  For example, imagine a company where the CEO signs
everyone's key.  Without this signature, the key is not a "real"
company key.  Rather than having everyone sign (locally or otherwise)
the CEO's key, you can accomplish this by giving the CEO's key
ultimate trust.

Incidentally, the old --trusted-key option is identical to setting a
key to ultimate trust.  It's also one more tool - it may be easier for
this hypothetical company to give everyone a consistent config file
than it is to instruct employees on how to edit trust.


   David Shaw  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
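The company scenario from the reply, reproduced as an added example (not code from the original post or from GnuPG's own documentation). It builds throwaway keyrings for a CEO, an employee Alice whose key the CEO certifies, and a second employee Bob who imports only public keys and signs nothing. It then shows that giving the CEO key ultimate ownertrust with `--import-ownertrust`, or shipping a `gpg.conf` containing `trusted-key`, makes Alice's CEO-signed key fully valid for Bob. All names, addresses and keys are constructed on the fly; the script assumes GnuPG 2.x (`gpg` and `gpgconf`) is installed.

```shell
#!/bin/sh
# Added example, not from the original post: "CEO signs every company key",
# evaluated from the keyring of an employee who trusts the CEO key ultimately.
# Assumes GnuPG 2.x; everything below is constructed and deleted at the end.
set -eu

BEFORE=skipped; AFTER=skipped; VIA_CONF=skipped

# gpg wrapper: isolated home directory, fully non-interactive, demo keys
# are generated without a passphrase so nothing ever prompts.
g() {
  home=$1; shift
  gpg --homedir "$home" --batch --quiet --no-tty \
      --pinentry-mode loopback --passphrase '' "$@"
}

# Validity letter of a key as seen from one keyring (field 2 of the "pub"
# record in --with-colons output): '-' unknown, 'f' full, 'u' ultimate.
validity() {
  g "$1" --with-colons --list-keys "$2" | awk -F: '$1=="pub"{print $2; exit}'
}

cleanup() {
  for h in "$CEO_HOME" "$ALICE_HOME" "$BOB_HOME" "$BOB2_HOME"; do
    gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true
    rm -rf "$h"
  done
}

run_demo() {
  CEO_HOME=$(mktemp -d); ALICE_HOME=$(mktemp -d)
  BOB_HOME=$(mktemp -d);  BOB2_HOME=$(mktemp -d)

  # The CEO and Alice each generate their own key (constructed identities).
  g "$CEO_HOME"   --quick-gen-key 'CEO <ceo@example.com>'     default default never
  g "$ALICE_HOME" --quick-gen-key 'Alice <alice@example.com>' default default never
  CEO_FPR=$(g "$CEO_HOME" --with-colons --list-keys ceo@example.com | awk -F: '$1=="fpr"{print $10; exit}')
  CEO_ID=$(g "$CEO_HOME" --with-colons --list-keys ceo@example.com | awk -F: '$1=="pub"{print $5; exit}')
  ALICE_FPR=$(g "$ALICE_HOME" --with-colons --list-keys alice@example.com | awk -F: '$1=="fpr"{print $10; exit}')

  # The CEO certifies Alice's key: this signature is what makes it a "real"
  # company key in the scenario.
  g "$ALICE_HOME" --export alice@example.com | g "$CEO_HOME" --import
  g "$CEO_HOME" --quick-sign-key "$ALICE_FPR"

  # Bob imports the CEO's and Alice's public keys and signs nothing himself.
  g "$CEO_HOME" --export ceo@example.com alice@example.com | g "$BOB_HOME" --import
  BEFORE=$(validity "$BOB_HOME" alice@example.com)   # no trust path yet

  # Method 1: ownertrust "ultimate" (value 6) on the CEO key.
  printf '%s:6:\n' "$CEO_FPR" | g "$BOB_HOME" --import-ownertrust
  g "$BOB_HOME" --check-trustdb
  AFTER=$(validity "$BOB_HOME" alice@example.com)

  # Method 2: the same effect from a shipped config file with trusted-key,
  # which the reply describes as identical to setting ultimate trust.
  printf 'trusted-key %s\n' "$CEO_ID" > "$BOB2_HOME/gpg.conf"
  g "$CEO_HOME" --export ceo@example.com alice@example.com | g "$BOB2_HOME" --import
  g "$BOB2_HOME" --check-trustdb
  VIA_CONF=$(validity "$BOB2_HOME" alice@example.com)

  printf 'alice validity: before=%s after=%s via_conf=%s\n' "$BEFORE" "$AFTER" "$VIA_CONF"
  cleanup
}

if command -v gpg >/dev/null 2>&1 && command -v gpgconf >/dev/null 2>&1; then
  run_demo
else
  echo "gpg/gpgconf not installed; demo skipped" >&2
fi
```

Before the ownertrust change Alice's key has no validity in Bob's keyring even though it carries the CEO's signature; after it, Bob's view is `u` for the CEO key and `f` for Alice, with no signature from Bob on either. The `trusted-key` line gives the same result from configuration alone, which is the "consistent config file" deployment the reply mentions.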