certificate chain depth

Raimar Sandner lists at 404not-found.de
Sun Apr 26 00:18:05 CEST 2009

On Saturday 25 April 2009 22:00:05 John W. Moore III wrote:
> Raimar Sandner wrote:
> > In the end it is of course a people thing whether you trust a key or not,
> > no mathematical model ever can replace your final decision. So there is a
> > big difference in gpg saying "fully trusted" and you thinking "fully
> > trusted".
> This is why both Owner Trust & Calculated Trust exist.  One is a
> mathematical result and the other is a Personal evaluation.

Well, as I understand those two are quite different. The owner trust refers to 
my personal trust in the _owner_ of a key to correctyl sign other keys. The 
calculated trust refers to the validity of a _key_ (and is of course 
calculated  based on the ownertrust values belonging to the signatures 
attached to this key). So one is trust in a key (here gpg can give a hint) and 
one is trust in people (here gpg cannot say anything). But they are not trust 
values refering to the same thing, one being my opinion and one gpg's.


More information about the Gnupg-users mailing list