ultimate trust
Neil Williams
linux at codehelp.co.uk
Fri Jan 9 19:10:03 CET 2004
On Tuesday 06 Jan 2004 11:37 am, Nicholas Cole wrote:
> a key: firstly to be the key it claims to be (ie
> validity), and secondly as an introducer of other
> keys. For the most part, these two are clearly
> separated but I wonder if the "trust" menu of the
> --edit-key option in more recent versions of gpg needs
> a rethink.
>
> A user is offered the chance to set how much he or she
> "trusts" a key. There is no clue to the user that
> options 1-4 relate to trusting a key to introduce
> others, whereas option 5 (ultimate trust) will mean
> that gpg trusts the key in the
> is-trusted-to-be-what-it-claims sense.
> I understand the reasons why setting "ultimate trust"
> may be a good thing in some settings, but perhaps I
I thought your own keys had to be ultimate trust? If you can't make your own
keys ultimately trusted, what is the point of setting 'u' for any other key?
Equally, if the secret key is not available, what's the benefit of ultimate
trust - wouldn't it be a case of using --always-trust on the command line or
as a config option?
> could suggest it is moved to a seseparate option -
> "mark-ultimate-trust" perhaps? - and even made an
> "expert" option only.
Perhaps ultimate trust should be only available if the secret key is also
available?
--
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
Url : /pipermail/attachments/20040109/c74e5ed6/attachment.bin
More information about the Gnupg-users
mailing list