Web of Trust

[David Shaw]

On Apr 26, 2008, at 11:39 AM, Lukas Barth wrote:
> I have a question regarding the way GPG handles the way of trust.  
> Let's
> say i have four keys (A-D). Key A is my own one, so I trust it
> ultimately and it is valid by definition. I signed B with A and set  
> B's
> ownertrust to "full". B signed C, and B trusts C only marginally. C
> signed D, so it's like:
>
> A->B->C->D
>
> Now, since B is valid (I signed it) and I trust B fully C will be
> considered valid, too. But how about D? I can think of three  
> possibilities:
>
> 1) Since B is trusted fully, C is also trusted fully (after  
> verifying it
> with B's signature), and so D is considered valid. This would be *bad*
> since B originally had only marginal trust in C, and I would now have
> full trust in C.
>
> 2) Since I did not assign an ownertrust to C myself, gpg does not  
> trust
> C at all and so D is not valid. This would also be kind of bad since I
> would have to set a whole lot of ownertrusts for my PKI to be
> established. (For every key to be verified it would have to be  
> signed by
> at least one key I manually set the ownertrust for)
>
> 3) B's trust in C is included in B's signature and so GPG knows that  
> it
> should trust C only marginally and searches for other signatures of C,
> until it are enough for C to be trusted. This would be great!
>
> Which way is implemented in GPG?

I think there is some confusion between "validity" and "trust" in the  
above, so it is very difficult to understand what you are asking here.

Basically, in the 4-key universe above, A is valid (you), B is valid  
(you signed it), C is valid (B signed it, B is valid, and has full  
ownertrust).  D is not valid because even though C signed it, C has no  
ownertrust.

I'm not sure what you are trying to get at with #3.  It doesn't seem  
to follow the problem statement of the 4-key universe.  If there are  
other keys in play here with other signatures, then you need to state  
them in the problem.

David