How to change trust model
Per Tunedal Casual
pt at radvis.nu
Wed May 11 22:05:52 CEST 2005
-----BEGIN PGP SIGNED MESSAGE-----
At 03:00 2005-05-11, David Shaw wrote:
>On Wed, May 11, 2005 at 02:22:28AM +0200, Per Tunedal Casual wrote:
>> At 00:21 2005-05-11, David Shaw wrote:
>> >On Wed, May 11, 2005 at 12:16:03AM +0200, Per Tunedal Casual
>> >> Scenario:
>> >> A new user has to quickly download keys to his contacts. The
>> >> keys
>> >> are
>> >> signed by a mutually trusted CA.
>> >> How can he get valid keys to use trusting the CA, rather than
>> >> having
>> >> to check and sign each of them?
>> >You don't need trust signatures or any special trust models for
>> >If you trust the CA, sign the CA key. If the CA has signed your
>> >contacts, then you're done. The contact keys are now valid.
>> Yes, David, you are right. I want a bit more.
>> Some contacts may not be directly signed by the CA, then the trust
>> model will be important, I suppose. How can the signature of the CA
>> useful as far down the tree as possible?
>> Can you please explain the PGP-model and how to issue trust
>> (tsign), with the implications for the validity of keys.
>First, read this:
>It's a very good explanation of trust signature concepts.
>How they are used specifically in GnuPG is via the 'tsign' command.
>tsign is just like sign (or lsign) except that you are asked a few
>more questions by GnuPG. Think of tsign as a combination of a
>signature plus the ownertrust. This combines two different things
>from the classic trust model into one signature.
>First you are asked:
> Please decide how far you trust this user to correctly verify
> users' keys (by looking at passports, checking fingerprints from
> different sources, etc.)
> 1 = I trust marginally
> 2 = I trust fully
>This is similar to the question you get asked when setting
>What GnuPG is asking is not how much you trust the user, but how much
>you trust the user to make good signatures.
>The next question is:
> Please enter the depth of this trust signature.
> A depth greater than 1 allows the key you are signing to make
> trust signatures on your behalf.
>The signature depth is how many levels "deep" can the power granted
>this signature travel. For example, a level of 1 means that the key
>you sign is valid for you (just like a regular signature), but also
>that the ownertrust for this key is automatically set to MARGINAL or
>FULL (depending on how you answered the first question). A level of
>means that the key you sign is valid for you, and the ownertrust is
>automatically set, AND (assuming the trust made it to FULL) that this
>key can issue signatures up to level 1 on your behalf. A level of 3
>means all that, plus the key can issue signatures up to level 2, etc.
>You can think of a regular signature as a trust signature with a
>The next question:
> Please enter a domain to restrict this signature, or enter for
>This allows you to restrict (by domain name) the power of the
>signature. For example, let's say that you wanted to make a level 2
>signature on a CA key for a particular company. You should be
>with making any level above 1, so you want to restrict this to that
>company. By giving a restriction of companyname.com here, only
>signatures issued by the CA key on keys in companyname.com will take
>That's pretty much it. If you think about it, tsign is not generally
>useful outside of hierarchial environments with CAs. Some people are
>in hierarchial environments though, and this lets them interoperate.
>Incidentally, you can combine tsign with any of the other signing
>types (lsign, nrsign) in any combination you like: ltsign is a local
>trust signature, nrltsign is a nonrevocable local trust signature,
Hi again David,
now I tried:
1. Creating one Root-CA, signing a CA-key by:
gpg --edit-key keyid
with 2 = I trust fully
depth = 2
2. Letting a "user key" sign the Root-CA-key with
with 2 = I trust fully
depth = 2
Keys signed by the CA-key are valid for the user.
Please explain the depth i detail.
A. Would it be sufficient to choose depth = 1 for both trust
B. What happens if a key signed by the CA signs an other key with an
ordinary exportable signature?
C Why choose depth = 2? A scenario?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Vad är en PGP-signatur? www.clipanish.com/PGP/pgp.html
-----END PGP SIGNATURE-----
More information about the Gnupg-users