Trust Signatures
David Shaw
dshaw at jabberwocky.com
Mon Nov 17 21:18:34 CET 2008
On Mon, Nov 17, 2008 at 11:35:29AM -0800, Loren M. Lang wrote:
> I am having trouble understanding trust signatures in OpenPGP so I decided
> to run an experiment. I created a new private key for me in a fresh
> GNUPGHOME followed by private keys for Alice, Bobbie, Charlie, and
> Mallory in a separate GNUPGHOME. I had Alice sign Bobbie's public key
> who signed Charlie's who signed Mallory's. I then imported Alice,
> Bobbie, Charlie, and Mallory's public keys into my GNUPGHOME. All their
> keys showed up as unknown trust and unknown validity as expected. I
> then signed Alice's public key. All signatures so far have been trust
> signatures with a depth of 4 and full trust with no domain specified.
> At this point Alice's key shows up as fully trusted and fully valid as
> expected. Bobbie's key became automatically fully valid without me
> setting an ownertrust on Alice, but Bobbie's trust is marked as unknown.
> Charlie's key is unknown trust with undefined validity. As I understand
> trust signatures, all keys up to Mallory should be valid, what am I
> missing?
You do understand correctly. This is a known bug in GnuPG, and will
be fixed for the next version. If you have the ability to, I'd love
if you would try the patch at:
http://lists.gnupg.org/pipermail/gnupg-users/2008-June/033814.html
David
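
Added example, not part of the original message and not GnuPG's code: a simplified Python model of trust-signature depth (RFC 4880, section 5.2.3.13) applied to the chain in the experiment above, showing which keys should become valid. The names `evaluate` and `chain` are hypothetical. The model assumes full trust on every signature, no domain restriction, and a delegation budget that shrinks by one per hop.

```python
# Simplified model of OpenPGP trust-signature depth (RFC 4880, section 5.2.3.13).
# Assumptions: every trust signature carries full trust (amount >= 120), no
# domain restriction, and one full-trust path is enough to make a key valid.
from collections import deque

FULL_TRUST = 120  # RFC 4880: 120 = complete trust, 60 = partial trust


def evaluate(root, tsigs):
    """Return {key: (valid, introducer_level)} for keys reachable from `root`.

    tsigs is a list of (signer, signee, depth, amount) tuples (constructed data).
    introducer_level is how many further levels of delegation the key may use:
    0 means "valid, but its own signatures do not validate anyone".
    """
    level = {root: float("inf")}  # our own key is ultimately trusted
    queue = deque([root])
    while queue:
        signer = queue.popleft()
        if level[signer] < 1:
            continue  # not an introducer: signatures made by this key are ignored
        for s, signee, depth, amount in tsigs:
            if s != signer or amount < FULL_TRUST:
                continue
            # The signee inherits the smaller of what the signature grants and
            # what is left of the signer's own delegation budget.
            granted = min(depth, level[signer] - 1)
            if granted > level.get(signee, -1):
                level[signee] = granted
                queue.append(signee)
    return {k: (True, v) for k, v in level.items() if k != root}


def chain(my_depth):
    """The experiment's chain, with the depth of my signature on Alice variable."""
    return [
        ("me", "Alice", my_depth, FULL_TRUST),
        ("Alice", "Bobbie", 4, FULL_TRUST),
        ("Bobbie", "Charlie", 4, FULL_TRUST),
        ("Charlie", "Mallory", 4, FULL_TRUST),
    ]


if __name__ == "__main__":
    for d in (4, 2, 1):
        print(d, sorted(evaluate("me", chain(d))))
```

With depth 4 throughout, as in the experiment, the model marks every key through Mallory as valid; lowering the depth of the first signature cuts the chain short.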