Using "ultimate" Owner Trust
David Scribner
dscribner@yahoo.com
Thu Aug 15 17:48:02 2002
--- David Shaw <dshaw@jabberwocky.com> wrote:
> On Thu, Aug 15, 2002 at 01:59:19AM -0700, David Scribner
> wrote:
> > Yes, the scenario you [Lionel -dds] offered I clearly
> > understand, and was aware of. However, with regards to
> > that particular question I was wondering:
> >
> > When (and why) would someone assign an owner trust level of
> > "ultimate" to someone _else's_ key? (aside from a server
> > script scenario for example)
>
> Think of it as one more tool in the key management toolbox.
> There are often multiple ways of doing something, and
> different people like different methods. For example,
> imagine a company where the CEO signs everyone's key.
> Without this signature, the key is not a "real" company key.
> Rather than having everyone sign (locally or otherwise)
> the CEO's key, you can accomplish this by giving the CEO's key
> ultimate trust.
>
> Incidentally, the old --trusted-key option is identical to
> setting a key to ultimate trust. It's also one more tool
> - it may be easier for this hypothetical company to give
> everyone a consistent config file than it is to instruct
> employees on how to edit trust.
>
> David
>
> --
> David Shaw | dshaw@jabberwocky.com | WWW
> http://www.jabberwocky.com/
Gotcha. Thanks for the example David! If you don't mind I'll use
that when I talk about setting trust levels and the difference
between 1.0.6 and 1.0.7 in what they allow a user to do in the
'--edit-key' portion when I give the presentation.
=====
David D. Scribner
IT Consulting & Services
CompTIA Linux+, Network+, A+ Certified
Ph: (817) 461-4018 eFax: (630) 214-7769
dscribner_at_bigfoot.com http://www.bigfoot.com/~dscribner/
GnuPG/PGP: 3172 7408 58CA D9C2 F697 950F 9DDC 7AC7 91EC 5F06
__________________________________________________
Do You Yahoo!?
HotJobs - Search Thousands of New Jobs
http://www.hotjobs.com