Questions regarding "Web of Trust"

Armin Herbert
Thu Oct 31 15:06:01 2002


I have some questions regarding the whole Web of Trust thing. Yes I read =
FAQ, I'll come to that later.

Ok .. first, did I understand it right that there are now two sorts of tr=
in gpg: the already known Owner Trust (which is a confusing name for it, =
believe), whose value says wether I trust the owner of a key to sign only=
valid keys, and the Validity, which specifies some kind of validity level=
believe a key is either valid or not .. I understand the point, but I don=
think it's good to have a validity level introduced, because I think I ca=
handle it by not trusting users who sign invalid keys).

Everything true so far?
Then I'd like to know how I can change the Validity of a signed public ke=
y. I=20
read in the manual "u" is reserved for public keys to which I've also got=
private keys. Because I had problems with KMail (either it's only accepti=
ultimately trusted keys for encrypting mail or it also wants a high owner=
trust value to do so, I'm not quite sure yet) I've set a key of a friend =
mine to validity "u", which according to the manual is the wrong value, I=
should have set it to "full". How can I change it?

Final question:
In the FAQ, part 7.3, is said "gpg --list-ownertrust" would print some=20
information about "assigned trust values (how much you trust the owner to=
correctly sign another person's key)". My GPG version 1.0.7 probably does=
but it's not human-readable as said in the FAQ. Is there any other comman=
d to=20
list the owner trust values in a human-readable form?

Thanks for your patience and for any answer :-)