Changing & verifying the --max-cert-depth in Windows
Grant Olson
kgo at grant-olson.net
Thu Mar 4 22:33:44 CET 2010
On 3/4/2010 3:52 PM, Daniel Kahn Gillmor wrote:
> On 03/04/2010 01:01 PM, Grant Olson wrote:
>> On 3/4/2010 12:45 PM, Daniel Kahn Gillmor wrote:
>>> I'm also not sure what the "signed: 128" suggests in the "depth: 1"
>>> line. Surely of all 83 keys i've certified, they have collectively
>>> issued more than 128 certifications themselves. maybe someone else can
>>> explain that bit?
>>
>> I believe that's the number of keys they've signed that are in your
>> keyring. The signature attaches to the recipient's key, not the
>> signer's. So if you don't have the recipient's key in your keyring, you
>> don't even know it's been signed by one of the keys you've certified.
>
> I've got a large-ish keyring (>1300 keys), and it's fairly regularly
> refreshed. i'm pretty sure that of the 83 keys that i've signed,
> they've made more than 128 certifications in aggregate, even if we only
> count keys themselves and not UIDs (that is, even if a key with multiple
> certified User IDs only counts once).
>
> Is there another explanation?
>
> --dkg
>
But out of those 83, only 11 have marginal or full trust, right? A
signature isn't valid (for you) if they key isn't marginally or fully
trusted to begin with. Would you buy that number from the 11 valid and
trusted keys?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 552 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100304/da0ddf6b/attachment.pgp>
More information about the Gnupg-users
mailing list