Import of trustpaths

David Shaw
Mon Jun 30 16:33:03 2003

On Mon, Jun 30, 2003 at 04:03:48PM +0200, C. Hackenschmidt wrote:
> David S. wrote:
> > 
> > On Mon, Jun 30, 2003 at 11:42:07AM +0200, C. Hackenschmidt wrote:
> > 
> > > > Did you run 'gpg --update-trustdb' after you signed the
> > > > RootCA key? GnuPG does this automatically by default, but 
> > > > some people have the automatic update turned off.
> > > > 
> > > 
> > > And if I do that I still have to go through all the keys manually.
> > > 
> > > Actually what I want is all this done by just signing the Root CA key
> > > and nothing else.
> > 
> > You can't do that.  It's just not how the web of trust works.
> Well, I'm pretty new to all this but if I import the ChainNAI7.asc I
> sent with my first mail into a PGP-Client and sign the RootCA as
> Metaintroducer all the other keys become valid. Nothing more has to be
> done.

Whoops - my apologies.  I just took a second look at the sample keys
you provided.  I didn't realize you were using trust signatures.

Anyway, the proper answer to your question is that the current stable
GnuPG 1.2.x doesn't support that type of signature (it treats it as a
regular non-trust signature).  GnuPG 1.4 will support this fully when
it is released, and the development 1.3.x supports it now.

In the meantime, you can approximate the trust signature results by
manually setting trust at each hop.  "gpg --update-trustdb" will
prompt you for the needed values.  You only have to do this once: once
set, you don't need to set them again.
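
Added example, not part of the original post and not GnuPG's code: a simplified model of how validity spreads along a certificate chain when trust signatures are honored, when they are treated as regular signatures, and when trust is set manually at each hop. The key names, the `validate` function and the depth rule are assumptions made for illustration; every trust signature is assumed to carry complete trust and a single introducer signature is assumed to suffice.

```python
# Simplified model of OpenPGP trust-signature propagation (added example,
# not GnuPG's algorithm). Assumptions: every trust signature carries complete
# trust, one signature from an introducer suffices, no expiry or revocation.
OWN_KEY_DEPTH = 99  # stands in for "unlimited" on the user's own key

def validate(me, sigs, honor_tsig=True, ownertrust=()):
    """Return {key: introducer_depth} for every key that ends up valid.

    sigs: (signer, signee, level) tuples; level 0 is a regular signature,
    1 a trusted introducer, 2 a meta-introducer.
    honor_tsig=False treats every signature as level 0, as the post says
    GnuPG 1.2.x does. ownertrust: keys manually set as trusted introducers.
    """
    depth = {me: OWN_KEY_DEPTH}
    changed = True
    while changed:
        changed = False
        for signer, signee, level in sigs:
            d = depth.get(signer, 0)
            if d < 1:  # signer is not valid, or valid but not an introducer
                continue
            # A trust signature delegates at most one level less than the
            # signer holds; a regular signature delegates nothing.
            granted = min(level, d - 1) if honor_tsig else 0
            if signee in ownertrust:
                granted = max(granted, 1)
            if depth.get(signee, -1) < granted:
                depth[signee] = granted
                changed = True
    return depth

# Constructed chain; key names are hypothetical.
SIGS = [
    ("me", "RootCA", 2),      # meta-introducer trust signature
    ("RootCA", "SubCA", 1),   # trusted-introducer trust signature
    ("SubCA", "alice", 0),    # regular signatures on end-user keys
    ("SubCA", "bob", 0),
    ("alice", "carol", 0),    # alice is valid but not an introducer
]

if __name__ == "__main__":
    print("trust sigs honored:", validate("me", SIGS))
    print("treated as regular:", validate("me", SIGS, honor_tsig=False))
    print("manual trust per hop:",
          validate("me", SIGS, honor_tsig=False, ownertrust={"RootCA", "SubCA"}))
```

In this model, setting trust manually on RootCA and SubCA yields the same set of valid keys as honoring the trust signatures, and carol stays invalid in every case because alice was never made an introducer.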