David Picón Álvarez
Tue Dec 10 12:22:01 2002
First of all, thanks very much for the detailed reply, since you have just
shown me that I don't understand the WoT, ¡when I thought I did! :-)
> Imagine you set ownertrust for key 0x5B0358A2 <email@example.com> now.
Yep, in fact I've done that.
> Currently that won't change anything.
It may let me validate keys signed by wk, I guess.
> But imagine that next week you had an occation to meet with Josh Huber
> (just as an example) and sign his key 0x6B21489A.
Ja. I doubt it very much, but I understand where you're going.
> Suddenly WK's key will be valid in your keyring and all keys it has signed
> will inherit calculated trust. All because Josh has signed Werner.
Now here's where I get utterly and absolutely lost. Can you explain what you
mean by this? If I say I trust WK and I trust JH, that just means, IMO, that
they can give validity (but not trust) to other keys. Otherwise can you take
me away from my error?
> Let's go one step further. You don't travel that much, but Dragos Necula
> happens to visit Boston. He meets and excanges signatures with Josh Huber.
> If you had given ownertrust to Josh Huber's (at that time still invalid)
> key before with Dragos' Signature to Josh's key at a sudden all signatures
> from Werner's key will produce computed trust to those keys that you have
> in your keyring and that Werner has signed.
Again, I need some further explanation, I think.
BTW, I don't know if it is good or bad form, but I think it's OK, though I
found the examples amusing.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----