How to change trust model

Per Tunedal Casual pt at
Wed May 11 02:22:28 CEST 2005

Hash: SHA1

At 00:21 2005-05-11, David Shaw wrote:
 >On Wed, May 11, 2005 at 12:16:03AM +0200, Per Tunedal Casual wrote:
 >> Scenario:
 >> A new user has to quickly download keys to his contacts. The keys
 >> are
 >> signed by a mutually trusted CA.
 >> How can he get valid keys to use trusting the CA, rather than
 >> having
 >> to check  and sign each of them?
 >You don't need trust signatures or any special trust models for this.
 >If you trust the CA, sign the CA key.  If the CA has signed your
 >contacts, then you're done.  The contact keys are now valid.
Yes, David, you are right. I want a bit more.

Some contacts may not be directly signed by the CA, then the trust
model will be important, I suppose. How can the signature of the CA be
useful as far down the tree as possible?

Can you please explain the PGP-model and how to issue trust signatures
(tsign), with the implications for the validity of keys.

Per Tunedal
Version: GnuPG v1.4.1 (MingW32)
Comment: Vad är en PGP-signatur?


More information about the Gnupg-users mailing list