Self-sigs with trusted key
David Shaw
dshaw at jabberwocky.com
Mon May 31 01:06:22 CEST 2004
On Sun, May 30, 2004 at 09:50:45PM +0700, Ivan Boldyrev wrote:
> On 8760 day of my life David Shaw wrote:
> >> I do not understand why the third UID is not valid while it has a
> >> self-sig with a trusted key?
> >
> > That's not how trust works. You can't sign your own key to make it
> > valid. Neither can Werner ;)
> >
> > If you think about it, this makes sense.
>
> Agree. I asked just to be sure :)
>
> > If this wasn't true, then there would be no point in having
> > different validity levels on different user IDs since all user IDs
> > would become as trusted as the key as a whole.
>
> All user IDs will be valid if the key is valid and trusted (i.e. I have
> called 'trust' in --edit-key). I have some keys that are valid but
> are not trusted. Werner's key is both valid and trusted...

No, this is not correct. Only user IDs that you have a signature path
to are valid. It is not true to say that if the key as a whole is
valid that the user IDs are valid as well. Trust does not 'flow' in
that direction.

> Another question: is the default of --min-cert-level 1 as the man page
> states? I have different results with
>
> $ gpg --min-cert-level 1 --update-trustdb
>
> and
>
> $ gpg --update-trustdb
>
> I use gpg (GnuPG) 1.3.6. The option is not changed in any
> configuration file.

This is a mistake in the man page. I'll fix it. In 1.3.x, the
default value is 2.

David
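
A simplified model of the two points in this reply, added here as an example (it is not part of the original message and not GnuPG's code): a user ID is valid only through a signature path, self-sigs never count, and the minimum certification level changes what the trustdb accepts. The function `valid_uids`, the key names `ME`, `W`, `B` and all signatures are constructed for illustration; the thresholds are GnuPG's documented `--completes-needed` and `--marginals-needed` defaults.

```python
# Simplified model of per-user-ID validity; an illustration, not GnuPG's code.
from collections import namedtuple

Sig = namedtuple("Sig", "signer key uid level")   # level = certification level 0..3
COMPLETES_NEEDED, MARGINALS_NEEDED = 1, 3         # GnuPG's documented defaults

def valid_uids(sigs, ownertrust, min_cert_level=2):
    """Return the (key, uid) pairs that have a signature path from an ultimate key."""
    valid, changed = set(), True
    targets = {(s.key, s.uid) for s in sigs}
    while changed:
        changed = False
        valid_keys = {k for k, _ in valid}
        valid_keys |= {k for k, t in ownertrust.items() if t == "ultimate"}
        for key, uid in sorted(targets - valid):
            full, marginal = set(), set()
            for s in sigs:
                if (s.key, s.uid) != (key, uid):
                    continue
                if s.signer == key:                  # self-sig never adds validity
                    continue
                if 0 < s.level < min_cert_level:     # ignored; level 0 is always accepted
                    continue
                if s.signer not in valid_keys:       # signer's key must itself be valid
                    continue
                trust = ownertrust.get(s.signer)
                if trust in ("ultimate", "full"):
                    full.add(s.signer)
                elif trust == "marginal":
                    marginal.add(s.signer)
            if len(full) >= COMPLETES_NEEDED or len(marginal) >= MARGINALS_NEEDED:
                valid.add((key, uid))
                changed = True
    return valid

# Constructed sample data: ME is the local ultimately trusted key, W has full owner trust.
OWNERTRUST = {"ME": "ultimate", "W": "full"}
SIGS = [
    Sig("W", "W", "uid1", 3), Sig("W", "W", "uid2", 3), Sig("W", "W", "uid3", 3),  # self-sigs
    Sig("ME", "W", "uid1", 3),   # my certification of W's first user ID
    Sig("ME", "W", "uid2", 2),   # and of the second
    Sig("W", "B", "uid1", 1),    # W certified B at level 1 only
]

if __name__ == "__main__":
    for level in (2, 1):
        print(level, sorted(valid_uids(SIGS, OWNERTRUST, min_cert_level=level)))
```

In the sample, W's third user ID stays invalid at either setting because only W's own key signed it, while B's user ID becomes valid only when the minimum certification level is lowered to 1.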