trust calculations (was Re: Robot CA at toehold.com)

Jason Harris jharris@widomaker.com
Mon Dec 9 20:40:07 2002


--gj572EiMnwbLXET9
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Dec 09, 2002 at 02:34:29PM +0000, Julian T J Midgley wrote:
=20
> Agreed absolutely - consequently, it would be nice if there were some
> option to GPG to get it to display the trust-path (based on your own
> keyring) to a key it found to be valid during a --update-trustdb, so that
> you could easily make a considered judgment about whether you agreed with
> the proposed validity of the key.

Yes, ideally this should look like a pathfinder trace with the
signature levels, trustdb values, timestamps, and policy URLs included.

> (There are some keys five or six hops from my own that I can be
> very certain are valid, since I know all the signatories en route to
> be highly responsible signers, whilst there others only three hops away
> that I wouldn't actually want to trust for anything more than the most
> casual of correspondence, since I've no knowledge of the key signing
> habits of the signatories concerned. The marginal/complete trust model and

Assigning trust values to certain _signatures_ needs to be possible as
well.  0x10 signatures that are really persona signatures (think Thawte
Freemail keys/certifications) could then be properly handled.  Signatures
made by someone at a keysigning one has knowledge of might also be
trusted more than those made under unknown circumstances.  Also,
signing habits/policies and policy URLs need to be taken into account.
Someone's check of a photo ID resulting in a 0x12 signature might be the
next person's equivalent of a 0x13 signature.

--=20
Jason Harris          | NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris@widomaker.com | web:  http://jharris.cjb.net/

--gj572EiMnwbLXET9
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE99PHwSypIl9OdoOMRAh5/AKDIxfoDFWCu64WaHa3B8vOcVoCz2QCfZIim
Wq4V6ngIkYnEt0LNkn0AKCg=
=+RBp
-----END PGP SIGNATURE-----

--gj572EiMnwbLXET9--