Questions about trust signatures

David Shaw dshaw at jabberwocky.com
Thu Jun 26 20:54:14 CEST 2008


On Mon, Jun 16, 2008 at 05:02:12PM -0400, David Shaw wrote:

> Interesting.  I'm going to have to go back to my notes from when I
> wrote that code back in 2002, and see what I was shooting for.  My
> memory is that I wanted the trust depth to automatically degrade as
> the chain continued.  It's possible this is just a bug, or it is
> possible I did it this way on purpose (PGP compatibility, maybe?)

After some digging: GPG's trust signature implementation was based on,
and tested against PGP 7 (as a black box - we didn't see any of the
code).  My best guess is this is what PGP 7 did at the time?  I don't
really recall, and don't have a copy to test against any longer.

In any event, PGP 9 does lower the trust depth as the chain gets
longer, so I will update the calculations to match that.  Here is a
patch.  Can you give it a try and see if it works as expected for you?

David
-------------- next part --------------
Index: trustdb.c
===================================================================
--- trustdb.c	(revision 4795)
+++ trustdb.c	(working copy)
@@ -1933,50 +1933,72 @@
 		     (uidnode && check_regexp(kr->trust_regexp,
 					    uidnode->pkt->pkt.user_id->name))))
             {
-	      if(DBG_TRUST && opt.trust_model==TM_PGP && sig->trust_depth)
-		log_debug("trust sig on %s, sig depth is %d, kr depth is %d\n",
-			  uidnode->pkt->pkt.user_id->name,sig->trust_depth,
-			  kr->trust_depth);
-
 	      /* Are we part of a trust sig chain?  We always favor
                  the latest trust sig, rather than the greater or
                  lesser trust sig or value.  I could make a decent
                  argument for any of these cases, but this seems to be
                  what PGP does, and I'd like to be compatible. -dms */
-	      if(opt.trust_model==TM_PGP && sig->trust_depth
-		 && pk->trust_timestamp<=sig->timestamp
-		 && (sig->trust_depth<=kr->trust_depth
-		     || kr->ownertrust==TRUST_ULTIMATE))
+	      if(opt.trust_model==TM_PGP
+		 && sig->trust_depth
+		 && pk->trust_timestamp<=sig->timestamp)
 		{
-		  /* If we got here, we know that:
+		  byte depth;
 
-		     this is a trust sig.
+		  /* If the depth on the signature is less than the
+		     chain currently has, then use the signature depth
+		     so we don't increase the depth beyond what the
+		     signer wanted.  If the depth on the signature is
+		     more than the chain currently has, then use the
+		     chain depth so we use as much of the signature
+		     depth as the chain will permit.  An ultimately
+		     trusted signature can restart the depth to
+		     whatever level it likes. */
 
-		     it's a newer trust sig than any previous trust
-		     sig on this key (not uid).
+		  if(sig->trust_depth<kr->trust_depth
+		     || kr->ownertrust==TRUST_ULTIMATE)
+		    depth=sig->trust_depth;
+		  else
+		    depth=kr->trust_depth;
 
-		     it is legal in that it was either generated by an
-		     ultimate key, or a key that was part of a trust
-		     chain, and the depth does not violate the
-		     original trust sig.
+		  if(depth)
+		    {
+		      if(DBG_TRUST)
+			log_debug("trust sig on %s, sig depth is %d,"
+				  " kr depth is %d\n",
+				  uidnode->pkt->pkt.user_id->name,
+				  sig->trust_depth,
+				  kr->trust_depth);
 
-		     if there is a regexp attached, it matched
-		     successfully.
-		  */
+		      /* If we got here, we know that:
 
-		  if(DBG_TRUST)
-		    log_debug("replacing trust value %d with %d and "
-			      "depth %d with %d\n",
-			      pk->trust_value,sig->trust_value,
-			      pk->trust_depth,sig->trust_depth);
+			 this is a trust sig.
 
-		  pk->trust_value=sig->trust_value;
-		  pk->trust_depth=sig->trust_depth-1;
+			 it's a newer trust sig than any previous trust
+			 sig on this key (not uid).
 
-		  /* If the trust sig contains a regexp, record it
-		     on the pk for the next round. */
-		  if(sig->trust_regexp)
-		    pk->trust_regexp=sig->trust_regexp;
+			 it is legal in that it was either generated by an
+			 ultimate key, or a key that was part of a trust
+			 chain, and the depth does not violate the
+			 original trust sig.
+
+			 if there is a regexp attached, it matched
+			 successfully.
+		      */
+
+		      if(DBG_TRUST)
+			log_debug("replacing trust value %d with %d and "
+				  "depth %d with %d\n",
+				  pk->trust_value,sig->trust_value,
+				  pk->trust_depth,depth);
+
+		      pk->trust_value=sig->trust_value;
+		      pk->trust_depth=depth-1;
+
+		      /* If the trust sig contains a regexp, record it
+			 on the pk for the next round. */
+		      if(sig->trust_regexp)
+			pk->trust_regexp=sig->trust_regexp;
+		    }
 		}
 
               if (kr->ownertrust == TRUST_ULTIMATE)
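
Review bot: In the new `if(depth)` block, the "trust sig on %s, sig depth is %d, kr depth is %d" debug line only fires when the clamped depth is non-zero, so a trust signature that is dropped because `kr->trust_depth` is 0 on a non-ultimate key leaves no trace under DBG_TRUST. The removed version logged before any depth comparison. Consider keeping that log_debug above `if(depth)`, or adding an else branch that logs that the trust sig was ignored because the chain has no depth left, since that is the case someone debugging a trust chain will be looking for. The carried-over comment line "the depth does not violate the original trust sig" would also read more accurately if it said the depth has been limited to what the chain permits, because the new code clamps the depth where the old condition rejected the signature.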

