Changing & verifying the --max-cert-depth in Windows

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Mar 4 21:52:59 CET 2010


On 03/04/2010 01:01 PM, Grant Olson wrote:
> On 3/4/2010 12:45 PM, Daniel Kahn Gillmor wrote:
>> I'm also not sure what the "signed: 128" suggests in the "depth: 1"
>> line.  Surely of all 83 keys i've certified, they have collectively
>> issued more than 128 certifications themselves.  maybe someone else can
>> explain that bit?
> 
> I believe that's the number of keys they've signed that are in your
> keyring.  The signature attaches to the recipient's key, not the
> signer's.  So if you don't have the recipient's key in your keyring, you
> don't even know it's been signed by one of the keys you've certified.

I've got a large-ish keyring (>1300 keys), and it's fairly regularly
refreshed.  i'm pretty sure that of the 83 keys that i've signed,
they've made more than 128 certifications in aggregate, even if we only
count keys themselves and not UIDs (that is, even if a key with multiple
certified User IDs only counts once).

Is there another explanation?

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 891 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100304/582d6355/attachment-0001.pgp>


More information about the Gnupg-users mailing list