Trust model: classic or pgp?

David Shaw dshaw at jabberwocky.com
Thu Mar 10 14:24:01 CET 2005


On Thu, Mar 10, 2005 at 01:04:20PM +0100, Marcus Frings wrote:
> Hello,
> 
> I have two questions concerning the trust model. The man page says:
> 
> ,----[ man gpg ]
> | --trust-model pgp|classic|always
> |     Set what trust model GnuPG should follow.  The models are:
> | 
> | 
> |     pgp       This is the Web of Trust combined with trust signa-
> |               tures as used in PGP 5.x and later.   This  is  the
> |               default trust model.
> | 
> |     classic   This  is  the  standard Web of Trust as used in PGP
> |               2.x and earlier.
> `----
> 
> First of all, what is actually the difference between "pgp" and
> "classic"? The first option tells about WOT and trust signatures but the
> latter just mentions the WOT.

That is the difference.  The "pgp" trust model is identical to
"classic" except that "pgp" supports trust signatures, and "classic"
doesn't (it treats them the same as any other signature).

I'm not quite sure what you're asking.

> My last question is why
> 
>   gpg --check-trustdb
> 
> results in 
>   
>   gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
>                                                    ^^^^^^^
> 
> when "pgp" is supposed to be the default? I cannot remember that I have
> ever changed the trust model. I guess I should switch over to "pgp",
> right?

You probably were using GnuPG 1.2.x or earlier before you upgraded to
1.4.  In this case, your trustdb was created as "classic", and so
GnuPG 1.4 is just respecting that.  If you want to force an upgrade to
"pgp", do

     gpg --trust-model pgp --check-trustdb

After that, you can just do --check-trustdb as before, but it'll use
the "pgp" trust model calculations.

Incidentally, you can similarly switch from "pgp" to "classic" by
doing:

     gpg --trust-model classic --check-trustdb

As to whether you want to do this or not, it's up to you.  If you
don't use trust signatures, then there is no benefit to using the
"pgp" model.  No real harm either, though.

David



More information about the Gnupg-users mailing list