the best signature type someone can give me

Christoph Anton Mitterer cam at mathematica.scientia.net
Tue Nov 1 15:52:19 CET 2005 

David Shaw wrote:

>First, read this:
>
>http://download.cryptoex.com/documents/whitepaper/cex2003-pgp-in-unternehmen-en/Tech%20White%20Paper%202002%20-%20Using%20OpenPGP%20in%20Corporations.pdf
>
>Then, read this:
>
>http://lists.gnupg.org/pipermail/gnupg-users/2005-May/025612.html
>  
>
Thanks :-) .... these helped me a lot in understanding :-)

I've also read the thread and nearly the same question is asked there 
againm but,.. just to be sure:

So if I sign someone with a tsign and level 1:
-He is a trusted introducer for me, meaning that UIDs he sign are 
automatically valid for me. (using sign)
-If he tsigns someone,... with any level, that UID is vaild for me too 
BUT can't introduce new UIDs or introducers for me.

If I sign someone with level 2:
He is a metaintroducer meaning that,...
-normal normal sign he makes to UIDs are autom. vaild for me too.
-If he tsigns someone that someone is introducer for me too


Example:

me->(tsign_1)->root_CA
root_ca->(sign)->president
root_ca->(tsign-x)->sub_CA

=>root_ca and president is valid to me
=>sub_CA is vaild too but nothing that sub_CA signs/tsigns is vaild for me


Example:
me->(tsign_2)->root_CA
root_ca->(sign)->president
root_ca->(tsign-1)->sub_CA_A
root_ca->(tsign-2)->sub_CA_B

sub_CA_A->(sign)->bill
sub_CA_B->(tsign-1)->sub_sub_CA_B_A

sub_sub_CA_B_A->sign->joe

president->sign->mike

=>root_CA, president, sub_CA_A, sub_CA_B are vaild to me
=>bill is vaild too as root_CA makes sub_CA_A to an trusted introducer 
for me (with the level 1 tsign)
=>sub_sub_CA_B_A itself is valid too for me
=>joe is NOT vaild for me, even sub_sub_CA_B_A got an level-1-tsign from 
sub_CA_B which got an (!!) level-2-tsign from root_CA which would be ok 
=> BUT I gave root_CA only a level-2-sign so third and higher level 
introducers (like sub_sub_CA_B_A is one) do not count for me
=>mike is not vaild for me, too. even the levels for him would have been 
ok,.. BUT president hasn't an tsign-x signature from the root


Everything correct so far?


What is the difference if I use FULLY or MARGINAL with tsigns?


Best wishes,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cam.vcf
Type: text/x-vcard
Size: 449 bytes
Desc: not available
Url : /pipermail/attachments/20051101/a4ef525f/cam.vcf

More information about the Gnupg-users mailing list