Robot CA at toehold.com

Julian T J Midgley jtjm@xenoclast.org
Mon Dec 9 15:33:01 2002


On Mon, 9 Dec 2002, Huels, Ralf SCORE wrote:

>
> Even now you will have to consider every link in a given
> trust path.

Agreed absolutely - consequently, it would be nice if there were some
option to GPG to get it to display the trust-path (based on your own
keyring) to a key it found to be valid during a --update-trustdb, so that
you could easily make a considered judgment about whether you agreed with
the proposed validity of the key.

(There are some keys five or six hops from my own that I can be
very certain are valid, since I know all the signatories en route to
be highly responsible signers, whilst there are others only three hops away
that I wouldn't actually want to trust for anything more than the most
casual of correspondence, since I've no knowledge of the key signing
habits of the signatories concerned. The marginal/complete trust model and
completes-needed/marginals-needed configurables are inadequate for
dealing with this.  Making calculated trust-paths visible would make
key-ring management both easier and more flexible.)

pathfinder and other keyserver keyring based solutions to the path problem
are also inadequate, since they've no knowledge of the assigned
ownertrust.

Julian

-- 
Julian T. J. Midgley                       http://www.xenoclast.org/
Cambridge, England.
PGP: BCC7863F FP: 52D9 1750 5721 7E58 C9E1  A7D5 3027 2F2E BCC7 863F
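
Added example, not part of the original message and not GnuPG code: a simplified Python model of the trust-path display requested above, listing each certification path from your own key to a target together with the ownertrust of every signer on it. The keyring, key names and ownertrust values are constructed, and the path rule (every signer on a path must carry marginal, full or ultimate ownertrust) is an assumption, not GnuPG's validity calculation.

```python
# Constructed sample keyring: signer -> keys that signer has certified.
SIGS = {
    "me": ["alice", "bob"],
    "alice": ["carol"],
    "bob": ["carol", "dave"],
    "carol": ["erin"],
    "dave": ["erin"],
}
# Constructed ownertrust values; these live only in the local trust database.
OWNERTRUST = {"me": "ultimate", "alice": "full", "bob": "marginal",
              "carol": "full", "dave": "unknown"}

RANK = ["marginal", "full", "ultimate"]  # weakest to strongest usable level


def trust_paths(sigs, ownertrust, root, target, max_depth=5):
    """Return all simple paths root -> target whose signers have usable ownertrust."""
    paths, stack = [], [(root, [root])]
    while stack:
        key, path = stack.pop()
        if ownertrust.get(key, "unknown") not in RANK:
            continue  # certifications made by this key are not counted
        for signed in sigs.get(key, []):
            if signed in path:
                continue  # never revisit a key: avoids signature cycles
            new = path + [signed]
            if signed == target:
                paths.append(new)
            elif len(new) - 1 < max_depth:  # hops used so far
                stack.append((signed, new))
    return sorted(paths)


def weakest_link(path, ownertrust):
    """Lowest ownertrust among the signers on a path (the target is not a signer)."""
    return min((ownertrust[k] for k in path[:-1]), key=RANK.index)


def describe(path, ownertrust):
    """Render a path with each signer's ownertrust, for manual review."""
    signers = [f"{k}[{ownertrust.get(k, 'unknown')}]" for k in path[:-1]]
    return " -> ".join(signers + [path[-1]])


if __name__ == "__main__":
    for p in trust_paths(SIGS, OWNERTRUST, "me", "erin"):
        print(describe(p, OWNERTRUST), "| weakest:", weakest_link(p, OWNERTRUST))
```

Running the same search with every signer treated alike, as a keyserver-based path finder must, also returns the path through "dave", which the local ownertrust excludes.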