Import of trustpaths
David Shaw
dshaw@jabberwocky.com
Mon Jun 30 15:04:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, Jun 30, 2003 at 11:42:07AM +0200, C. Hackenschmidt wrote:
> > Did you run 'gpg --update-trustdb' after you signed the
> > RootCA key? GnuPG does this automatically by default, but
> > some people have the automatic update turned off.
> >
>
> And if I do that I still have to go through all the keys manually.
>
> Actually what I want is all this done by just signing the Root CA key
> and nothing else.
You can't do that. It's just not how the web of trust works.
Once you sign the Root CA key, the Root CA key becomes valid.
However, it doesn't make any difference to any key underneath the Root
CA because you must set ownertrust on the Root CA key so that the
validity of the signed key can be calculated.
This applies to GnuPG, PGP, and anything else.
David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
iD8DBQE/ADVy4mZch0nhy8kRAuppAJ9fayFdEP0K58DAL4RRAJA+B6RQRwCeOyc7
2Bz4FNKDRBwNv6gy0ryEQUg=
=23c1
-----END PGP SIGNATURE-----