Using "ultimate" Owner Trust

Eugen Leitl eugen@leitl.org
Thu Aug 15 14:48:01 2002


On 15 Aug 2002, Adrian 'Dagurashibanipal' von Bidder wrote:

> I don't see why anybody would let their key be generated by somebody
> else. Perhaps have a person help me generate my key, but this would be
> on my own machine.

Her shell account box was too low on entropy (I tried), and she doesn't
have a local GPG copy (it's Windows). This is clearly not a deep paranoia
setup, just a convenient way to use encryption with pine on a shell mail
account.
 
In an ideal world she would have generated her key herself.

> And why would you need to set ultimate trust on that key? Better sign it
> with your own key (if you trust it).

I was having trouble due to an unfortunate interaction of 1.0.6
unwittingly preceding 1.0.7 in $PATH and pinepgp (it broke with 1.0.7),
and managed to nuke the trust database because 1.0.6 couldn't handle
1.0.7's format.

No, I don't really trust my key, as I'm habitually accessing my DSL *nix
box containing the keyring via ssh sessions. The only trusted key is the 
one which was generated on and never leaves an air gapped machine, no?