Web of Trust
David Shaw
dshaw at jabberwocky.com
Sun Apr 27 14:59:58 CEST 2008
On Apr 27, 2008, at 8:01 AM, Lukas Barth wrote:
>
> David Shaw wrote:
> | On Apr 26, 2008, at 11:39 AM, Lukas Barth wrote:
> |> I have a question regarding the way GPG handles the way of trust. Let's
> |> say I have four keys (A-D). Key A is my own one, so I trust it
> |> ultimately and it is valid by definition. I signed B with A and set B's
> |> ownertrust to "full". B signed C, and B trusts C only marginally. C
> |> signed D, so it's like:
> |>
> |> A->B->C->D
> |> [...]
> |> 3) B's trust in C is included in B's signature and so GPG knows that it
> |> should trust C only marginally and searches for other signatures of C,
> |> until there are enough for C to be trusted. This would be great!
> |>
> |> Which way is implemented in GPG?
> |
> | I think there is some confusion between "validity" and "trust" in the
> | above, so it is very difficult to understand what you are asking here.
>
> Sorry, my fault..
>
> | Basically, in the 4-key universe above, A is valid (you), B is valid
> | (you signed it), C is valid (B signed it, B is valid, and has full
> | ownertrust). D is not valid because even though C signed it, C has no
> | ownertrust.
>
> Right, that was possibility 2: Since C has no ownertrust, D is not
> valid. So it's really like "I have to assign an ownertrust to each and
> every key that I want to be able to sign another key"? If I have a big
> Web of Trust with a lot of keys, and not one "master key" signing them
> all, then I will have to set a whole lot of ownertrusts for my Web being
> validated, right?
>
> In this case, for each key to be valid, it has to be signed by at least
> one key I manually set the ownertrust for, is that right?
Yes. That's how the "classic" trust model works. The logic behind it
is that you must know if C is making *good* signatures and not just
signing anything that comes along without checking. If you don't know
that, you can't really use C's signatures safely.
> | I'm not sure what you are trying to get at with #3. It doesn't seem to
> | follow the problem statement of the 4-key universe. If there are other
> | keys in play here with other signatures, then you need to state them in
> | the problem.
>
> No, no. The "problem" is that GPG does not know an ownertrust for key C,
> right? Otherwise it would be possible to validate key D. Now if I do not
> want to set this huge amount of ownertrusts as I depicted above,
> wouldn't it be a solution if B included in its signature of C that B
> trusts C marginally. Now if I trust B fully, and I know that B trusts C
> marginally, then my GPG is able to say "Great! B trusts C marginally,
> and I trust B fully, that means I also can trust C marginally!"
That is called a trust signature, and it's part of the "PGP" trust
model in GPG. You can make them with "tsign" instead of "sign" in the
--edit-key menu. They look like regular signatures except they have
the ownertrust level built-in to the signature along with some ways to
restrict the flows of that trust (hop counts and domain regular
expressions). Trust signatures work more or less as you describe
above. However, note that they are not really used very much outside
of corporate (very hierarchical) environments. In the example above,
if B made a trust signature on C at the marginal level, you'd get what
you describe: A (you), B (valid + full trust), C (valid + marginal
trust).
David
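
The validity rules discussed in this thread, as an added example that is not part of the original message and is not GnuPG's code: a simplified Python model of the A->B->C->D chain, first with only B's ownertrust set by hand, then with B's signature on C replaced by a marginal trust signature. Assumptions: the function and variable names are hypothetical, the thresholds are GnuPG's default `--completes-needed 1` and `--marginals-needed 3`, and trust-signature hop counts, domain regular expressions and path-length limits are ignored.

```python
# Simplified model of the validity calculation discussed in this thread.
# Assumptions: GnuPG's default thresholds (1 full or 3 marginal signers),
# no path-length limit, trust-signature depth and regex limits ignored.
FULL, MARGINAL = "full", "marginal"
COMPLETES_NEEDED, MARGINALS_NEEDED = 1, 3

def compute_validity(own_key, sigs, ownertrust, tsigs=()):
    """sigs: (signer, signee) pairs. ownertrust: key -> FULL/MARGINAL, set by hand.
    tsigs: (signer, signee, level) trust signatures.
    Returns (set of valid keys, effective ownertrust)."""
    trust = dict(ownertrust)
    trust[own_key] = FULL            # ultimate trust, treated as full here
    all_sigs = list(sigs) + [(s, t) for s, t, _ in tsigs]
    valid = {own_key}
    changed = True
    while changed:
        changed = False
        # A trust signature only counts if its issuer is valid and fully trusted,
        # and never overrides an ownertrust the user set manually.
        for signer, signee, level in tsigs:
            if signer in valid and trust.get(signer) == FULL and signee not in trust:
                trust[signee] = level
                changed = True
        keys = {k for pair in all_sigs for k in pair}
        for key in keys - valid:
            signers = {s for s, t in all_sigs if t == key and s in valid}
            full = sum(1 for s in signers if trust.get(s) == FULL)
            marginal = sum(1 for s in signers if trust.get(s) == MARGINAL)
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                valid.add(key)
                changed = True
    return valid, trust

CHAIN = [("A", "B"), ("B", "C"), ("C", "D")]   # A->B->C->D from the thread

def classic_case():
    # Only B has a manually assigned ownertrust.
    return compute_validity("A", CHAIN, {"B": FULL})

def tsign_case():
    # B's signature on C is a marginal trust signature instead of a plain one.
    return compute_validity("A", [("A", "B"), ("C", "D")], {"B": FULL},
                            tsigs=[("B", "C", MARGINAL)])

if __name__ == "__main__":
    for name, case in (("classic", classic_case), ("tsign", tsign_case)):
        valid, trust = case()
        print(name, "valid:", sorted(valid), "ownertrust:", trust)
```

In both cases D stays outside the valid set: the trust signature gives C marginal ownertrust, but a single marginal signer is below the assumed threshold of three.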