Changing & verifying the --max-cert-depth in Windows

Grant Olson kgo at
Thu Mar 4 22:33:44 CET 2010

On 3/4/2010 3:52 PM, Daniel Kahn Gillmor wrote:
> On 03/04/2010 01:01 PM, Grant Olson wrote:
>> On 3/4/2010 12:45 PM, Daniel Kahn Gillmor wrote:
>>> I'm also not sure what the "signed: 128" suggests in the "depth: 1"
>>> line.  Surely of all 83 keys i've certified, they have collectively
>>> issued more than 128 certifications themselves.  maybe someone else can
>>> explain that bit?
>> I believe that's the number of keys they've signed that are in your
>> keyring.  The signature attaches to the recipient's key, not the
>> signer's.  So if you don't have the recipient's key in your keyring, you
>> don't even know it's been signed by one of the keys you've certified.
> I've got a large-ish keyring (>1300 keys), and it's fairly regularly
> refreshed.  i'm pretty sure that of the 83 keys that i've signed,
> they've made more than 128 certifications in aggregate, even if we only
> count keys themselves and not UIDs (that is, even if a key with multiple
> certified User IDs only counts once).
> Is there another explanation?
> 	--dkg

But out of those 83, only 11 have marginal or full trust, right?  A
signature isn't valid (for you) if they key isn't marginally or fully
trusted to begin with.  Would you buy that number from the 11 valid and
trusted keys?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 552 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100304/da0ddf6b/attachment.pgp>

More information about the Gnupg-users mailing list