How trust works in gpg...

Werner Koch wk at
Fri Apr 25 09:57:41 CEST 2008

On Thu, 24 Apr 2008 21:12, dshaw at said:

> not how the OpenPGP trust system works.  The person who gets to decide
> if a key+uid should be signed is the person who makes the signature.

Nitpicking: It is not the OpenPGP trust system, but the way almost all
OpenPGP applications are used (basically Web of Trust).  OpenPGP is just
a framework and you may implement any trust system on top of it; using
the mechanisms provided by OpenPGP.

I have to mention this because many people believe OpenPGP demands the
WoT and exclude OpenPGP from further inspection when searching for a
specialized PKI.



Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

More information about the Gnupg-users mailing list