Question about ultimate trust

David Shaw dshaw at
Mon Mar 21 17:37:50 CET 2005

On Sun, Mar 20, 2005 at 01:12:33PM +0800, Zuxy wrote:
> Hi List,
> Not until recently did I notice that I can trust any key ultimately,
> even those without secret part. Isn't ultimate trust expected to be
> assigned exclusively to my own keys?

Not necessarily.  You can set ultimate trust to any key you want to
allow to make trust decisions for you - for example, if you work at a
company with a corporate signing key.

> And what's the difference between ultimate and complete trust when
> calculating keys' validity?

They're similar, but ultimate trust has more power.  Think of ultimate
trust as combining complete trust, plus automatically making the key
fully valid, plus bypassing any restrictions on how many completely
trusted sigs make a key valid - any key signed by an ultimately
trusted key is always valid.


More information about the Gnupg-users mailing list