Robot CA at toehold.com
Julian T J Midgley
Mon Dec 9 15:33:01 2002
On Mon, 9 Dec 2002, Huels, Ralf SCORE wrote:
> Even now you will have to consider every link in a given
> trust path.
Agreed absolutely - consequently, it would be nice if there were some
option to GPG to get it to display the trust-path (based on your own
keyring) to a key it found to be valid during a --update-trustdb, so that
you could easily make a considered judgment about whether you agreed with
the proposed validity of the key.
(There are some keys five or six hops from my own that I can be
very certain are valid, since I know all the signatories en route to
be highly responsible signers, whilst there others only three hops away
that I wouldn't actually want to trust for anything more than the most
casual of correspondence, since I've no knowledge of the key signing
habits of the signatories concerned. The marginal/complete trust model and
completes-needed/marginals-needed configurables are inadequate for
dealing with this. Making calculated trust-paths visible would making
key-ring management both easier and more flexible.
pathfinder and other keyserver keyring based solutions to the path problem
are also inadequate, since they've no knowledge of the assigned
Julian T. J. Midgley http://www.xenoclast.org/
PGP: BCC7863F FP: 52D9 1750 5721 7E58 C9E1 A7D5 3027 2F2E BCC7 863F