What does key properties validity and trust 'None' mean???

Gonzalo Bermúdez gonzalob at gonz0.com.ar
Mon Aug 28 21:30:50 CEST 2006


A key is valid in a keyring once it's signed by an ultimately trusted
key for that keyring, or when it gets enough signatures from other fully
or marginally trusted keys in the ring (this requirement depends on your
configuration, by default one fully trusted key or three marginals make
a key valid).

This is why John told you to assign a trust level of full only to people
you fully trust ;-). Otherwise your ring may be filled up valid keys
that you shouldn't really consider as such.
Note that you don't need a key's ownertrust to be full for it to work,
it just has to be valid. These two concepts are different.

p.S: forgive me Bo for sending this to your email, I meant to send it to
the list.

On Fri, 2006-08-25 at 20:55 +0200, Bo Berglund wrote:
> On Fri, 25 Aug 2006 02:50:15 -0500, John Clizbe <JPClizbe at comcast.net>
> wrote:
> 
> >Bo Berglund wrote:
> >> I have done this and it works. But that was not the gist of my
> >> problem, it deals with adding public keys from persons who just
> >> installed GnuPG and created new key pairs.
> >> 
> >> I learned here now that we have to:
> >> - Import the key into WinPT (Trust and Validity is now None)
> >> - Sign the key (Validity is now Full)
> >> - Change ownertrust to Full (only possible for a signed key)
> >> 
> >> We did not know about the two last steps and this is the reason for my
> >> post.
> >>
> >
> >You should *ONLY* set ownertrust to Full if you trust the key owner to fully
> >verify the identity of keys he signs, or if you don't care.
> 
> In order to get GPG to work I had to sign the received keys myself.
> Now I am wondering if maybe the procedure is wrong, maybe we should
> sign our own public keys when they have been stored in the ASC file
> instead? Will WinPT recognize this and set the Validity flag?
> 
> /Bo
> 
> Bo Berglund
> 
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
-- 
Saludos
Gonzalo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 323 bytes
Desc: This is a digitally signed message part
Url : /pipermail/attachments/20060828/82f12c12/attachment.pgp


More information about the Gnupg-users mailing list