Using "ultimate" Owner Trust

David Scribner
Thu Aug 15 17:48:02 2002

--- David Shaw <> wrote:
> On Thu, Aug 15, 2002 at 01:59:19AM -0700, David Scribner
> wrote:
> > Yes, the scenario you [Lionel -dds] offered I clearly
> > understand, and was aware of. However, with regards to
> > that particular question I was wondering:
> > 
> > When (and why) would someone assign an owner trust level of
> > "ultimate" to someone _else's_ key? (aside from a server
> > script scenario for example)
> Think of it as one more tool in the key management toolbox. 
> There are often multiple ways of doing something, and
> different people like different methods.  For example,
> imagine a company where the CEO signs everyone's key.
> Without this signature, the key is not a "real" company key.
> Rather than having everyone sign (locally or otherwise)
> the CEO's key, you can accomplish this by giving the CEO's key
> ultimate trust.
> Incidentally, the old --trusted-key option is identical to
> setting a key to ultimate trust.  It's also one more tool
> - it may be easier for this hypothetical company to give
> everyone a consistent config file than it is to instruct
> employees on how to edit trust.
> David
> -- 
>    David Shaw  |  |  WWW

Gotcha. Thanks for the example David! If you don't mind I'll use
that when I talk about setting trust levels and the difference
between 1.0.6 and 1.0.7 in what they allow a user to do in the
'--edit-key' portion when I give the presentation.

David D. Scribner
IT Consulting & Services
CompTIA Linux+, Network+, A+ Certified
Ph: (817) 461-4018        eFax: (630) 214-7769
GnuPG/PGP: 3172 7408 58CA D9C2 F697  950F 9DDC 7AC7 91EC 5F06

Do You Yahoo!?
HotJobs - Search Thousands of New Jobs