How to change trust model
Per Tunedal Casual
pt at radvis.nu
Wed May 11 00:16:03 CEST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 23:58 2005-05-10, David Shaw wrote:
>On Tue, May 10, 2005 at 11:52:19PM +0200, Per Tunedal Casual wrote:
>
>> gpg --trust-model PGP --check-trustdb
>
>This is the "new" PGP trust model from PGP 5 and later.
>
>> gpg --trust-model classic --check-trustdb
>
>This is the standard old trust model from PGP 2.x and GnuPG 1.2.x.
>
>For most people, they will not see a difference between these two.
>Only if you are issuing trust signatures (tsign) will a difference
>show up.
>
>> gpg --trust-model direct --check-trustdb
>
>This is a no-trust model, where you set each key trust individually,
>and there are no calulations necessary.
>
>> I don't see the difference between them. I am interested in the
>> implications for the validity of keys. How can I make the best use
>> of
>> a signature from a CA?
>
>I can't answer that question in those terms. I don't know what you
>want to do, who the CA is, how the CA signs...
>
>David
Hi,
>Only if you are issuing trust signatures (tsign) will a difference
>show up.
There you told something interesting. I haven't heard of that command
before.
Scenario:
A new user has to quickly download keys to his contacts. The keys are
signed by a mutually trusted CA.
How can he get valid keys to use trusting the CA, rather than having
to check and sign each of them?
Per Tunedal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Vad är en PGP-signatur? www.clipanish.com/PGP/pgp.html
iD8DBQFCgTKfpPsTvNtsBX8RAlvQAJ4xhZ95ulvGtQGQoESlPzEEHo7BbwCcCB9N
UDlRBxDshskz4Shd6lQHgek=
=9WUZ
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list