trust calculations (was Re: Robot CA at toehold.com)
Mon Dec 9 20:40:07 2002
On Mon, Dec 09, 2002 at 02:34:29PM +0000, Julian T J Midgley wrote:
> Agreed absolutely - consequently, it would be nice if there were some
> option to GPG to get it to display the trust-path (based on your own
> keyring) to a key it found to be valid during a --update-trustdb, so that
> you could easily make a considered judgment about whether you agreed with
> the proposed validity of the key.
Yes, ideally this should look like a pathfinder trace with the
signature levels, trustdb values, timestamps, and policy URLs included.
> (There are some keys five or six hops from my own that I can be
> very certain are valid, since I know all the signatories en route to
> be highly responsible signers, whilst there are others only three hops away
> that I wouldn't actually want to trust for anything more than the most
> casual of correspondence, since I've no knowledge of the key signing
> habits of the signatories concerned. The marginal/complete trust model and
Assigning trust values to certain _signatures_ needs to be possible as
well. 0x10 signatures that are really persona signatures (think Thawte
Freemail keys/certifications) could then be properly handled. Signatures
made by someone at a keysigning one has knowledge of might also be
trusted more than those made under unknown circumstances. Also,
signing habits/policies and policy URLs need to be taken into account.
Someone's check of a photo ID resulting in a 0x12 signature might be the
next person's equivalent of a 0x13 signature.
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
email@example.com | web: http://jharris.cjb.net/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
-----END PGP SIGNATURE-----
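
Added example, not part of the original message and not GnuPG code: the trust-path trace discussed in this thread, in Python over a constructed keyring, showing each hop's signature class, owner trust, date and policy URL. The key names, dates, URLs, the per-signature override table and the strength ranking of signature classes are assumptions of this example.

```python
from collections import defaultdict

# OpenPGP certification classes (RFC 4880); the strength ranking is an assumption.
SIG_NAMES = {0x10: "generic", 0x11: "persona", 0x12: "casual", 0x13: "positive"}
RANK = {0x11: 0, 0x10: 1, 0x12: 2, 0x13: 3}
# Constructed data: (signer, signee, sig class, date, policy URL or None)
CERTS = [
    ("ME", "ALICE", 0x13, "2002-03-01", None),
    ("ALICE", "BOB", 0x12, "2002-06-14", "https://example.org/alice-policy"),
    ("BOB", "TARGET", 0x13, "2002-11-02", None),
    ("ME", "ROBOT", 0x13, "2002-01-10", None),
    ("ROBOT", "TARGET", 0x10, "2002-12-01", "https://example.org/robot-policy"),
]
OWNERTRUST = {"ME": "ultimate", "ALICE": "full", "BOB": "marginal", "ROBOT": "full"}
# Reader's per-signature override: treat the robot's 0x10 as a persona signature.
SIG_OVERRIDE = {("ROBOT", "TARGET"): 0x11}

def trust_paths(certs, root, target, max_hops=5):
    """Return every cycle-free certification path from root to target."""
    out_edges = defaultdict(list)
    for cert in certs:
        out_edges[cert[0]].append(cert)
    paths, stack = [], [(root, [])]
    while stack:
        key, path = stack.pop()
        if key == target and path:
            paths.append(path)
            continue
        if len(path) == max_hops:
            continue
        seen = {root} | {hop[1] for hop in path}
        stack.extend((c[1], path + [c]) for c in out_edges[key] if c[1] not in seen)
    return paths

def weakest_class(path, override=None):
    """Weakest effective signature class on a path, after reader overrides."""
    return min(((override or {}).get((s, t), cls) for s, t, cls, *_ in path), key=RANK.get)

def format_trace(path, ownertrust, override=None):
    lines = []
    for s, t, cls, date, url in path:
        eff = (override or {}).get((s, t), cls)
        lines.append(f"{s} [{ownertrust.get(s, 'unknown')}] --0x{cls:02x} "
                     f"(treated as {SIG_NAMES[eff]}) {date} {url or '-'}--> {t}")
    return "\n".join(lines)

if __name__ == "__main__":
    for p in sorted(trust_paths(CERTS, "ME", "TARGET"), key=len):
        print(format_trace(p, OWNERTRUST, SIG_OVERRIDE),
              f"  weakest hop: 0x{weakest_class(p, SIG_OVERRIDE):02x}\n", sep="\n")
```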