Questions regarding "Web of Trust"

Armin Herbert jolo@ph-freiburg.de
Thu Oct 31 15:06:01 2002


Hi,

I have some questions regarding the whole Web of Trust thing. Yes I read =
the=20
FAQ, I'll come to that later.

Ok .. first, did I understand it right that there are now two sorts of tr=
usts=20
in gpg: the already known Owner Trust (which is a confusing name for it, =
I=20
believe), whose value says wether I trust the owner of a key to sign only=
=20
valid keys, and the Validity, which specifies some kind of validity level=
 (I=20
believe a key is either valid or not .. I understand the point, but I don=
't=20
think it's good to have a validity level introduced, because I think I ca=
n=20
handle it by not trusting users who sign invalid keys).

Everything true so far?
Then I'd like to know how I can change the Validity of a signed public ke=
y. I=20
read in the manual "u" is reserved for public keys to which I've also got=
 the=20
private keys. Because I had problems with KMail (either it's only accepti=
ng=20
ultimately trusted keys for encrypting mail or it also wants a high owner=
=20
trust value to do so, I'm not quite sure yet) I've set a key of a friend =
of=20
mine to validity "u", which according to the manual is the wrong value, I=
=20
should have set it to "full". How can I change it?

Final question:
In the FAQ, part 7.3, is said "gpg --list-ownertrust" would print some=20
information about "assigned trust values (how much you trust the owner to=
=20
correctly sign another person's key)". My GPG version 1.0.7 probably does=
 so,=20
but it's not human-readable as said in the FAQ. Is there any other comman=
d to=20
list the owner trust values in a human-readable form?


Thanks for your patience and for any answer :-)




Armin