trust calculations (was Re: Robot CA at

Jason Harris
Mon Dec 9 20:40:07 2002

On Mon, Dec 09, 2002 at 02:34:29PM +0000, Julian T J Midgley wrote:
> Agreed absolutely - consequently, it would be nice if there were some
> option to GPG to get it to display the trust-path (based on your own
> keyring) to a key it found to be valid during a --update-trustdb, so that
> you could easily make a considered judgment about whether you agreed with
> the proposed validity of the key.

Yes, ideally this should look like a pathfinder trace with the
signature levels, trustdb values, timestamps, and policy URLs included.

> (There are some keys five or six hops from my own that I can be
> very certain are valid, since I know all the signatories en route to
> be highly responsible signers, whilst there are others only three hops away
> that I wouldn't actually want to trust for anything more than the most
> casual of correspondence, since I've no knowledge of the key signing
> habits of the signatories concerned. The marginal/complete trust model and

Assigning trust values to certain _signatures_ needs to be possible as
well.  0x10 signatures that are really persona signatures (think Thawte
Freemail keys/certifications) could then be properly handled.  Signatures
made by someone at a keysigning one has knowledge of might also be
trusted more than those made under unknown circumstances.  Also,
signing habits/policies and policy URLs need to be taken into account.
Someone's check of a photo ID resulting in a 0x12 signature might be the
next person's equivalent of a 0x13 signature.

Jason Harris          | NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it? | web:
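
The kind of trust-path trace discussed in this message, as an added example that is not part of the original post and is not GnuPG code. The keyring, key names, dates, policy URLs, the per-signature override table and the rule that persona certifications do not extend a path are all constructed assumptions; only the 0x10 to 0x13 certification classes are standard OpenPGP.

```python
from collections import deque

# OpenPGP certification signature classes (RFC 4880, section 5.2.1).
SIG_CLASS = {0x10: "generic", 0x11: "persona", 0x12: "casual", 0x13: "positive"}

# Constructed sample keyring: (signer, signee, class, date, policy URL).
SIGS = [
    ("ME", "ALICE", 0x13, "2002-11-02", "https://example.org/alice-policy"),
    ("ME", "ROBOT", 0x13, "2002-10-01", None),
    ("ALICE", "BOB", 0x12, "2002-11-20", None),
    ("BOB", "CAROL", 0x13, "2002-12-01", "https://example.org/bob-policy"),
    ("ROBOT", "CAROL", 0x10, "2002-12-05", "https://example.org/robot-policy"),
]

# Hypothetical per-signature judgment: this 0x10 is really a persona signature.
OVERRIDES = {("ROBOT", "CAROL"): 0x11}
# Assumed local policy: persona (0x11) certifications do not extend a path.
ACCEPT = frozenset({0x10, 0x12, 0x13})

def effective_class(sig, overrides):
    return overrides.get((sig[0], sig[1]), sig[2])

def trust_paths(root, target, overrides=OVERRIDES, max_depth=5):
    """Breadth-first search for loop-free signature chains from root to target."""
    paths, queue = [], deque([(root, [])])
    while queue:
        key, path = queue.popleft()
        if key == target and path:
            paths.append(path)
            continue
        if len(path) >= max_depth:
            continue
        seen = {root} | {s[1] for s in path}
        for sig in SIGS:
            if (sig[0] == key and sig[1] not in seen
                    and effective_class(sig, overrides) in ACCEPT):
                queue.append((sig[1], path + [sig]))
    return paths

def format_trace(path, overrides=OVERRIDES):
    """One line per hop: signer, signee, class, date, policy URL."""
    lines = []
    for sig in path:
        signer, signee, cls, date, url = sig
        eff = effective_class(sig, overrides)
        note = "" if eff == cls else f" (treated as 0x{eff:02x} {SIG_CLASS[eff]})"
        lines.append(f"{signer} -> {signee}  0x{cls:02x} {SIG_CLASS[cls]}{note}"
                     f"  {date}  policy={url or '-'}")
    return lines
```

With the override in place only the three-hop chain through ALICE and BOB reaches CAROL; with an empty override table the two-hop chain through ROBOT is found as well.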
