max-cert-depth and "chains of trust" in GPG
David Shaw
dshaw at jabberwocky.com
Fri Jun 6 23:45:26 CEST 2008
On Fri, Jun 06, 2008 at 01:26:19PM -0700, bezna wrote:
> However, this does not happen in GPG. Because Alice does not have access to
> Bob's trust database (unless he exports it and gives it to her), she has no
> way of knowing who Bob trusts and to what extent. Thus, she can only rely on
> the signatures made by Bob himself to determine if a certificate is valid,
> but not Bob's trusted introducers because she has no idea who they are.
>
> A --> B --> C --> D
> Depth:  0     1     2     3
> Valid:  y     y     y     ?
Correct. This is because Alice does not necessarily agree with Bob.
The trust decisions are personal, and while Bob might feel that
Charlie is a good signer, Alice might not.
> A workaround to this problem is for Alice to fully trust Charlie (who
> appears valid to her because of Bob's signature) as an introducer, thereby
> validating Dale's certificate through him. Note that Alice doesn't need to
> sign Dale's certificate herself to do this.
Yes.
> So for Alice to be able to validate a certificate through someone else's
> signature, she has to personally trust that someone else; the trust can't
> transfer through an intermediate.
Yes. The "classic" trust model requires personal trust.
> Ok, now, after all this, which I hope you understood, come the questions. Am
> I understanding this correctly?
Yes.
> What does the max-cert-depth parameter refer to? Is that the depth of the
> "chain of signatures"?
Yes.
> And lastly, how do all these sites and applications that trace a path
> between your certificate and another person's certificate work? Based on
> tracing signatures alone?
Just signatures.
> Is it possible to export your trust database to these servers so
> they will aggregate it into one and take trust as well as signatures
> into account in determining validity down a chain?
No. As I noted above, the trust database is very dependent on the
owner - or put another way, why should you believe my trust database
is correct?
> Is there anything out there that incorporates real chains of trust of some
> substantial length?
Yes, there is. There is a different method of signing that does
basically what you are looking for here - try a "tsign" (for "trust
signature"). A trust signature does the same thing as a regular
signature, but also contains the trust information that would have
been put in the database. Essentially, it allows you to issue a
signature that says "I verified the key belongs to her, and I also
trust her to make signatures on my behalf".
See
<http://lists.gnupg.org/pipermail/gnupg-users/2005-May/025612.html>
for some examples on how to use it.
David
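To make the difference between personal ownertrust and a trust signature concrete, here is a small simulation of the validity computation discussed in this thread. It is an added, constructed model, not GnuPG's trustdb code: it keeps only full trust (amount 120), ignores marginals-needed and expiry, and the key names Alice, Bob, Charlie and Dale are the thread's own example.

```python
"""Toy model of classic web-of-trust validity with max-cert-depth and tsign.

Constructed example, not GnuPG's own code.  A key becomes valid when an
introducer has signed it; an introducer is a key that is itself valid and
that I either trust personally (ownertrust) or that received a trust
signature (tsign) from an introducer with trust left to delegate."""
from dataclasses import dataclass

FULL = 120  # trust amount GnuPG uses for "full"; 60 would be marginal


@dataclass(frozen=True)
class Sig:
    signer: str
    level: int = 0   # 0 = ordinary certification, n >= 1 = trust signature
    amount: int = 0  # trust amount carried by a trust signature


def compute_validity(sigs, ownertrust, me, max_cert_depth=5):
    """sigs: signed key -> list of Sig on it.  ownertrust: keys that `me`
    personally marked as fully trusted introducers (my private decision).
    Returns {key: depth at which it became valid}; absent keys are not valid."""
    valid = {me: 0}
    # introducers: key -> how many further hops of certification it may
    # vouch for.  Only keys with a positive budget can make others valid.
    introducers = {me: max_cert_depth}
    for depth in range(1, max_cert_depth + 1):
        newly_valid, next_introducers = {}, {}
        for key, key_sigs in sigs.items():
            if key in valid:
                continue
            budget = 0
            for s in key_sigs:
                if introducers.get(s.signer, 0) < 1:
                    continue  # signer unknown to me, or not an introducer
                newly_valid[key] = depth
                if s.level >= 1 and s.amount >= FULL:
                    # tsign: the signer delegates part of its own budget,
                    # capped by the level written into the signature
                    budget = max(budget, min(s.level, introducers[s.signer] - 1))
            if key in newly_valid and key in ownertrust:
                budget = max(budget, 1)  # my own trust: one hop, no delegation
            if key in newly_valid and budget:
                next_introducers[key] = budget
        if not newly_valid:
            break
        valid.update(newly_valid)
        introducers = next_introducers
    return valid
```

With only ordinary signatures and ownertrust on Bob, Dale never becomes valid; giving Charlie ownertrust (the workaround above) or replacing the signatures with tsigns of level 2 and 1 lets the chain reach Dale, while max-cert-depth still caps how far any chain can run.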