Import of trustpaths

David Shaw dshaw@jabberwocky.com
Mon Jun 30 16:33:03 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, Jun 30, 2003 at 04:03:48PM +0200, C. Hackenschmidt wrote:
> 
> David S. wrote:
> > 
> > On Mon, Jun 30, 2003 at 11:42:07AM +0200, C. Hackenschmidt wrote:
> > 
> > > > Did you run 'gpg --update-trustdb' after you signed the
> > > > RootCA key? GnuPG does this automatically by default, but 
> > > > some people have the automatic update turned off.
> > > > 
> > > 
> > > And if I do that I still have to go through all the keys manually.
> > > 
> > > Actually what I want is all this done by just signing the 
> > Root CA key 
> > > and nothing else.
> > 
> > You can't do that.  It's just not how the web of trust works.
> 
> Well, I'm pretty new to all this but if I import the ChainNAI7.asc I
> sended with my first mail into a PGP-Client and sign the RootCA as
> Metaitnroducer all the other keys become valid. Nothing more has to be
> done.

Whoops - my apologies.  I just took a second look at the sample keys
you provided.  I didn't realize you were using trust signatures
before.

Anyway, the proper answer to your question is that the current stable
GnuPG 1.2.x doesn't support that type of signature (it treats it as a
regular non-trust signature).  GnuPG 1.4 will support this fully when
it is released, and the development 1.3.x supports it now.

In the meantime, you can approximate the trust signature results by
manually setting trust at each hop.  "gpg --update-trustdb" will
prompt you for the needed values.  You only have to do this once: once
set, you don't need to set them again.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iD8DBQE/AEpz4mZch0nhy8kRAigkAJ4he2CJnd6RUVc2y9l9IIDPKXI8DACg2DSg
4XzFzJRwkvQ7dC4+z5clmwU=
=D2Ey
-----END PGP SIGNATURE-----