Questions regarding "Web of Trust"

Lionel Elie Mamane
Fri Nov 1 06:23:02 2002

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Oct 31, 2002 at 03:06:40PM +0100, Armin Herbert wrote:

> there are now two sorts of trusts in gpg: the already known Owner
> Trust, whose value says wether I trust the owner of a key to sign
> only valid keys,

That is a value the user chooses.

> and the Validity, which specifies some kind of validity level (I
> believe a key is either valid or not ..

This one is computed from the signatures on the key.

> Then I'd like to know how I can change the Validity of a signed
> public key.

If it is signed by an ultimately or fully trusted key, its validity
should be full. You might have to force recalculation of the
trustdb. See the manpage, I'm still using GnuPG 1.0.6, these things
have changed starting 1.0.7.

> I read in the manual "u" is reserved for public keys to which I've
> also got the private keys.

Let's say "your keys".

> Because I had problems with KMail (either it's only accepting
> ultimately trusted keys for encrypting mail or it also wants a high
> owner trust value to do so, I'm not quite sure yet)

If it does so, it is broken. It makes sense to accept only _valid_
keys (or have a big fat warning and user confirmation for invalid
keys), but not to ask owner trust for encrypting to a key.

> I've set a key of a friend of mine to validity "u", which according
> to the manual is the wrong value, I should have set it to
> "full". How can I change it?

Err... AFAIK, the only way to have validity "u" on a key is to set the
ownertrust to u. Did you do that? Bad idea. It means you trust that
friend as much as you trust yourself.


Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see