What's the proper way to make a key truested?

David T-G davidtg-gnupg@justpickone.org
Mon May 20 21:06:01 2002

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Jonathan --

=2E..and then JW said...
% Hash: SHA1
% HH >> tried 'trust' '4' (full trust) save (to which is said nothign needed
% HH >> to be saved) and closed.
% HH >
% HH >I'm new to GPG, but as to my understanding you have to sign the Key to
% HH >trust it. The "trust" you have edited is how much you trust the key
% HH >(that is, the owner of the key) to introduce other keys to you.
% Wow, that's drastic (though understandable).=20

What's drastic about it?

The "level of trust" lets you develop a relational web that weighs how
many people know [how many other people who know] this person and how
much you trust each of them.

You might know with absolute certainty that key X belongs to your friend
Alice, so you can sign it and even export your signed copy to keyservers
so that other people who know and trust you can then trust Alice.
You might also know, however, that Alice signs any old key she finds and
thus not trust her to introduce keys to you and so set the trust level
low (or to "I don't trust this person").

Meanwhile, you might feel pretty comfortable with a published key that
has been signing, say, gpg releases since they first came out, and you
might know that this person is also involved with another project, and
so even though you haven't signed that key because you've never met the
person, you might still nonetheless place some trust in that person's
recommendation of another and trust his key "marginally" or even "fully".

% Can anyone confirm this?

I'd like to, and that's my experience, but I'm not one of the developers
so I can's say for sure.  You could, however, try it yourself and see
if it fixes your problem :-)


David T-G                      * It's easier to fight for one's principles
(play) davidtg@justpickone.org * than to live up to them. -- fortune cookie
(work) davidtgwork@justpickone.org
http://www.justpickone.org/davidtg/    Shpx gur Pbzzhavpngvbaf Qrprapl Npg!

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.0.7 (GNU/Linux)