Self-sigs with trusted key

David Shaw dshaw at
Mon May 31 01:06:22 CEST 2004

On Sun, May 30, 2004 at 09:50:45PM +0700, Ivan Boldyrev wrote:
> On 8760 day of my life David Shaw wrote:
> >> I do not understand why third UID is not valid while it has self-sig
> >> with trusted key?
> >
> > That's now how trust works.  You can't sign your own key to make it
> > valid.  Neither can Werner ;)
> >
> > If you think about it, this makes sense.
> Agree.  I asked just to be sure :)
> > If this wasn't true, then there would be no point in having
> > different validity levels on different user IDs since all user IDs
> > would become as trusted as the key as a whole.
> All user IDs will be valid if key is valid and trusted (i.e. I have
> called 'trust' in --edit-key).  I have some keys that are valid but
> are not trusted.  Werner's key is both valid and trusted...

No, this is not correct.  Only user IDs that you have a signature path
to are valid.  It is not true to say that if the key as a whole is
valid that the user IDs are valid as well.  Trust does not 'flow' in
that direction.

> Another question: is default of --min-cert-level is 1 as man-page
> states?  I have different results with
> $ gpg --min-cert-level 1 --update-trustdb
> and
> $ gpg --update-trustdb
> I use gpg (GnuPG) 1.3.6.  The option is not changed in any
> configuration file.

This is a mistake in the man page.  I'll fix it.  In 1.3.x, the
default value is 2.


More information about the Gnupg-users mailing list