trust

[David Picón Álvarez]

--=_U_Szz1fZ.5XiMkIG0nnxfhpcRy8C.P
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

Hi,


First of all, thanks very much for the detailed reply, since you have just
shown me that I don't understand the WoT, ¡when I thought I did! :-)

> Imagine you set ownertrust for key 0x5B0358A2 <wk@gnupg.org> now.

Yep, in fact I've done that.

> Currently that won't change anything.

It may let me validate keys signed by wk, I guess.

> But imagine that next week you had an occation to meet with Josh Huber
> (just as an example) and sign his key 0x6B21489A.

Ja. I doubt it very much, but I understand where you're going.

> Suddenly WK's key will be valid in your keyring and all keys it has signed
> will inherit calculated trust. All because Josh has signed Werner.

Now here's where I get utterly and absolutely lost. Can you explain what you
mean by this? If I say I trust WK and I trust JH, that just means, IMO, that
they can give validity (but not trust) to other keys. Otherwise can you take
me away from my error?

> Let's go one step further. You don't travel that much, but Dragos Necula
> happens to visit Boston. He meets and excanges signatures with Josh Huber.
> If you had given ownertrust to Josh Huber's (at that time still invalid)
> key before with Dragos' Signature to Josh's key at a sudden all signatures
> from Werner's key will produce computed trust to those keys that you have
> in your keyring and that Werner has signed.

Again, I need some further explanation, I think.


--David.
BTW, I don't know if it is good or bad form, but I think it's OK, though I
found the examples amusing.


--=_U_Szz1fZ.5XiMkIG0nnxfhpcRy8C.P
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----

iQQXAwUAPfXP3YVy4iYQ9LKqFAKwiA//WydH06DLl5qG/LZRyZRxkyVhGZijjxIR
tN5oaXdRdRo/I95Vm/TISjuj5wCi1Ui2bV3yaV3XkKEOTsXe+f7kDgLoRiIequ2v
Fn2h/SLkvguLQCBEyACyeXy9uYTBiTPmp+1MIAK3bDLTK8sY3trKEY7Kom56wF3/
tSplTzbKi27Z8gH9G3RNrVIcVHogLj+wkeuiBl0dnEPeKiPG8RwsT1kvLc/3NKdR
ZzXT50ZaFxQ60qxbNEdlxFcdl0TXbi3sOcB+7tBrul3SnFllQj+g6KCJ/NbDubFG
fzszJZWeqypeLlob3U7AGdm5rO9nHYIlpuKNsLIz3q6IrcI+HS6A1WnCdQaU2mt/
eatocUp1LvC6feu4zO1IYOXi5KDQx1LFGXVvoxcBXpKo0S+hwIPY2VDMNQElOEqI
xgC7Kd6RJ0XCfKJzFPQwZ3pJPk/eN9ZbfLXHMcFJZOZT2dlQtUwJAC1biwjwF9/+
GhrKyADF92P+RG9t0SA696J/iyAi6W68QraLo51G5H9YAQd7qxiPxXQuOrYqKRPj
8YFafzqbYX502BaNT9RAptWdbUslNrBvP6RRi7w3OKh8atYtRo5NywbkqUC3tIK4
Zp7/cQq8n10HkjyJHe+IIGDB5VyGc50EFVXsy6723ZRd5qiM8vdTi6I3Efk5+zLg
/5sgTlWUST4P/2UXkSRjRa9+6E2jqrgLum9V3krZQnv/HbzImJfbonb+RXhZmc+P
GlzsJpbdMTatty1pROJ63LVYRHSTJIPFEt2jPRpGMrkC43n6/D0paq3+OQipIEdu
C1Gf9mvMUIsEXEhYhzXZ9Rd702bwl0e2f65ltWE/cAB2n3ZxNnkf0L4eGfEbIg87
x/e1xOqejtdGPxm63HUsnWn/XNFg2Vt5GlvpSSZWMk97Dg+7PTMbPzWRZNF29eKY
Eeraxt5Pux2Y/CCMrp0/hlAtbND9oIOOXQpW1A1vKQugvcPUpjNKNsaBOKSGAg3U
5is3qbL8rAPoVpenWmrSGcv0jxlX2QemkQr2xb8K82IcpeRAZhHz3cD53jCXkGWt
mW7h6U1u5INqxSG5gZfn9yB2ja9nQR5Sg4h2cLFLnNalvNI1dPaFl7EE8NY0hF8W
/EkuoUCMe9McJFxpVTYeCdOId3U72T0eK5+pj+cQSqT3D7RDVwevsD/jfq/l5nJf
6jC8U3m8qS9Cm4tJd1m02hMLut3wzlnU+39OKfTNPsJrdP9EWzSNy+yxKIFrD5iT
uxH1Dph0ItmJ1KZqcW9swSSVWtigyDKxuGTVnEtq/yFbOodeXPA0ddnCPadRfRN0
8cbneWL7mC7IDS1w8kPSmExsd6NO+K+hk6Wtjg6MhbG1Rmzw6l6Z35r9
=x9+E
-----END PGP SIGNATURE-----

--=_U_Szz1fZ.5XiMkIG0nnxfhpcRy8C.P--