certificate chain depth

david david at gbenet.com
Sat Apr 25 20:58:44 CEST 2009

Hash: SHA1

Raimar Sandner wrote:
> Hello,
> when gnupg trusts a key as a result of trustdb calculations, I would
> like to know what the chain depth for the given key is.
> I know that I can control the maximal acceptable depth with the
> max-cert-depth configuration parameter. I would like to keep the
> default of 5, but it is still a difference regarding the
> trustworthiness of a key if it is frully trusted in, say, third or 
> fifth level.
> Manually following the trust chains can be annoying, and could also
> lead to false conclusions as in the following small example:
> Say we have marginals-needed=2, completes-needed=1 and the web of 
> trust is
> #   me -> A ---------> E
> #   |     \---> D ----/
> #   \-> B -> C /
> with the ownertrust values
> A: marginal
> D: marginal
> C: marginal
> B: full
> On a first glance one might think as we have the chains me->A->E and
> me->A->D->E, that E is fully trusted in third level. But because D
> only is trusted in third level (me->B->C->D), E is actually trusted
> in fourth level. This rapidly gets more complex with a growing web
> of trust.
> As of now I can only think of gradually reducing max-cert-depth,
> recalculating trustdb and see, if a given key stays fully trusted.
> Is there a better way to determin the cert depth? If not, I think
> this would be a nice feature to implement.
> Cheers, 
>     Raimar
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

Hi, I don't wish to be over-simplistic, but I had thought that the web
of trust was a people thing rather than a mathematical model.

I can appreciate it's difficult to form a web of trust between people
that you never meet - like me posting here - the idea I thought was to
develop such networks through people that one knows - or gets to know
via  shared contacts - shared experiences - common interests and concerns.

What is trust anyway? Common shared values? How does one measure that
with the depth of signed keys?

Ok so I'm being a bit philosophical

Best Wishes :)

- --
Confidentiality Statement

Wisdom is knowing what to do with what you know. This message and any
attachments are solely for the intended recipient and may contain
confidential or privileged information. If you are not the intended
recipient, any disclosure, copying, use, or distribution of the
information included in this message and any attachments is prohibited.
If you have received this communication in error email
postmaster at gbenet.com. Thank you.
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org


More information about the Gnupg-users mailing list