How trust works in gpg...
Sven Radde
email at sven-radde.de
Mon May 5 13:20:34 CEST 2008
Faramir wrote:
> I was reading again this message, and I'd like to know: is there any
> point about signing a key _but not giving any trusted status_ ?
Yes.
Signing the key makes it valid for you (i.e. you believe that the person
indicated in the key's User-IDs is the person who actually has control
over the secret key).
Assigning trust to a key means that you believe that the person owning
the secret key is careful before he/she signs other people's keys (i.e.
you consider other keys valid if they are signed by that person without
checking the UID yourself).
It can very well be the case that you are sure that a key is valid but
you do not trust the owner to make this kind of assertion about other keys.
Think of a longtime friend whose key you have gotten during a personal
meeting but about whom you know that he doesn't understand the GnuPG
trust concept at all. You can obviously sign his key, but you wouldn't
trust any signatures on other people's keys by him.
HTH, Sven
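
The distinction described in the message above, as an added example that is not part of the original post and is not GnuPG's own code: a simplified Python model in which a key becomes valid only when it is signed by you or by a valid key whose owner you trust. The key names and the `valid_keys` helper are hypothetical, and the model assumes a single "full" trust level, leaving out marginal trust, depth limits and expiry.

```python
# Simplified model of key validity vs. owner trust (added example).
# Assumption: one "full" trust level only; this is not GnuPG's algorithm.

def valid_keys(my_key, signatures, trusted_owners):
    """Return the set of keys that are valid from my_key's point of view.

    signatures     -- set of (signer, signed_key) pairs
    trusted_owners -- keys whose owners I trust to check identities
                      carefully before signing other people's keys
    """
    valid = {my_key}
    introducers = {my_key}  # my own signatures always count
    changed = True
    while changed:
        changed = False
        # Owner trust only counts once the trusted key is itself valid.
        for key in valid & trusted_owners:
            if key not in introducers:
                introducers.add(key)
                changed = True
        # A signature from an introducer makes the signed key valid.
        for signer, signed in signatures:
            if signer in introducers and signed not in valid:
                valid.add(signed)
                changed = True
    return valid


# Constructed sample data: I signed my friend's and Alice's keys in person.
# The friend signed Bob's key, Alice signed Carol's key.
SIGNATURES = {
    ("me", "friend"),
    ("me", "alice"),
    ("friend", "bob"),
    ("alice", "carol"),
}

if __name__ == "__main__":
    # Friend's key is signed (valid) but its owner is not trusted.
    print(sorted(valid_keys("me", SIGNATURES, trusted_owners={"alice"})))
    # Trusting the friend as well makes Bob's key valid too.
    print(sorted(valid_keys("me", SIGNATURES, trusted_owners={"alice", "friend"})))
```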