certificate chain depth
Raimar Sandner
lists at 404not-found.de
Sun Apr 26 00:18:05 CEST 2009
On Saturday 25 April 2009 22:00:05 John W. Moore III wrote:
> Raimar Sandner wrote:
> > In the end it is of course a people thing whether you trust a key or not,
> > no mathematical model ever can replace your final decision. So there is a
> > big difference in gpg saying "fully trusted" and you thinking "fully
> > trusted".
>
> This is why both Owner Trust & Calculated Trust exist. One is a
> mathematical result and the other is a Personal evaluation.
>
Well, as I understand those two are quite different. The owner trust refers to
my personal trust in the _owner_ of a key to correctyl sign other keys. The
calculated trust refers to the validity of a _key_ (and is of course
calculated based on the ownertrust values belonging to the signatures
attached to this key). So one is trust in a key (here gpg can give a hint) and
one is trust in people (here gpg cannot say anything). But they are not trust
values refering to the same thing, one being my opinion and one gpg's.
Greetings,
Raimar
More information about the Gnupg-users
mailing list