How trust works in gpg...

Werner Koch wk at gnupg.org
Fri Apr 25 09:57:41 CEST 2008


On Thu, 24 Apr 2008 21:12, dshaw at jabberwocky.com said:

> not how the OpenPGP trust system works.  The person who gets to decide
> if a key+uid should be signed is the person who makes the signature.

Nitpicking: It is not the OpenPGP trust system, but the way almost all
OpenPGP applications are used (basically Web of Trust).  OpenPGP is just
a framework and you may implement any trust system on top of it; using
the mechanisms provided by OpenPGP.

I have to mention this because many people believe OpenPGP demands the
WoT and exclude OpenPGP from further inspection when searching for a
specialized PKI.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.




More information about the Gnupg-users mailing list