How trust works in gpg...
prlewis at letterboxes.org
Tue Apr 15 14:23:01 CEST 2008
On Tuesday 15 April 2008 at 12:39:43 Herbert Furting wrote:
> gpg uses a so called trust modell (there ary actually several
> different), where you can each UID/key an specific amount of trust.
> You can give:
> n Never trust this key.
> m Marginally trusted.
> f Fully trusted.
> u Ultimately trusted.
> and you'll also see:
> - No ownertrust assigned / not yet calculated.
> e Trust calculation has failed; probably due to
> an expired key.
> q Not enough information for calculation.
> (I've stole that from the manpage,.. so credit should go to Werner or
> some of the other developers ;) )
> Depending on how much you trust a user you normally give him n (e.g.
> your little brother who signs every key/uid without validating it, m
> or f and rarely perhaps even u (your wife, which you fully trust
> *g*.... or not).
> u means that you automatically recognize the key/UIDs that keyholder
> made as valid
> completes-needed specify how many trust-paths you need to a key from
> keys you trust fully.
> marginals-needed is the same for marginally trusted keys.
> suppose you are A and have signed following key/UIDs with following
> trust values:
> Now your gpg gets the key F, which you haven't signed yourself, but
> the others have, thus you'll have the following trust-paths:
> Suppose marginals-needed=3 and completes-needed=2:
> The two paths
> are not enough the recognize F as valid, because you'd need tree ?(m)
> paths, but the two other pathes are enough.
Thanks, that makes sense.
So I guess my question is: is this a guide for me, and then I should manually
set the trust level on key F myself (if I am satisfied that the chains
exist), or should gpg do this automatically for me based on the parameters in
my gpg.conf? It doesn't seem to be calculating anything automatically at the
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 307 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users