ultimate trust

Nicholas Cole npcole at yahoo.co.uk
Tue Jan 6 11:37:54 CET 2004


Happy new year all.

I know that this has been discussed a little before,
but I think it is worth looking at again.

PGP / GPG as always been cursed by the word "trust",
because there are two ways in which gpg needs to trust
a key: firstly to be the key it claims to be (ie
validity), and secondly as an introducer of other
keys.  For the most part, these two are clearly
separated but I wonder if the "trust" menu of the
--edit-key option in more recent versions of gpg needs
a rethink.

A user is offered the chance to set how much he or she
"trusts" a key.  There is no clue to the user that
options 1-4 relate to trusting a key to introduce
others, whereas option 5 (ultimate trust) will mean
that gpg trusts the key in the
is-trusted-to-be-what-it-claims sense.

That is, setting 1-4 have no effect on whether or not,
say, a given signature made by the key is trusted:
even a "fully trusted" key is considered "invalid"
without trusted introducers, while a key marked as not
trusted may be considered perfectly valid.  On the
other hand, setting ultimate trust suddenly makes a
huge difference.

I understand the reasons why setting "ultimate trust"
may be a good thing in some settings, but perhaps I
could suggest it is moved to a seseparate option -
"mark-ultimate-trust" perhaps? - and even made an
"expert" option only.

At the very least, in my view, there ought to be a
clear help text to note that options 1-4 are about
trusting introducers, and option 5 is about something
else.

Not sure if this is really a devel or user issue, so
apologies for the x-post.

Best wishes,

N.


________________________________________________________________________
Yahoo! Messenger - Communicate instantly..."Ping" 
your friends today! Download Messenger Now 
http://uk.messenger.yahoo.com/download/index.html



More information about the Gnupg-users mailing list