Trust model - trust level 1 and 2

Jerome Baum jerome at jeromebaum.com
Thu Aug 11 20:05:55 CEST 2011


> Is there any difference in the standard trust model between marking a
> key level 1 ("I don't know or won't say") and level 2 ("I do NOT
> trust")?

There isn't really a "standard trust model". What you should really do
is have a key signing policy and embed the URL to that policy with
every signature (plus, obviously, sign the policy). E.g., pipe
<http://jeromebaum.com/jerome.asc> through "gpg --list-packets" and
you'll see that the link to my signing policy is
<http://jeromebaum.com/policy.html> and per the footnote there you can
find the signature at <http://jeromebaum.com/policy.html.asc>.

That said, I believe the standard says something like "0x11 means 'I
didn't really check'" -- read your own thing into that but to me it
means the level is useless. 0x12 is a moderate check and 0x13 an
in-depth check, which everyone interprets differently.

-- 
Jerome Baum

Hessenweg 222
48432 Rheine
GERMANY

tel +49-1578-8434336
email jerome at jeromebaum.com
web www.jeromebaum.com
--
Unity and justice and passing fad
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
--
http://five.sentenc.es
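
Added example, not part of the original message: a shell function that reads `gpg --list-packets` output and prints each certification signature's class (0x10 to 0x13) with the policy URL it carries, marking certifications that have none. The listing, key IDs and example.org URL are constructed sample data, and the function names `cert_policies` and `sample_listing` are hypothetical.

```shell
# Reads `gpg --list-packets` text on stdin and prints one line per
# certification signature: "<issuer keyid> <sigclass> <policy URL|NO-POLICY>".
# RFC 4880 classes: 0x10 generic, 0x11 persona, 0x12 casual, 0x13 positive.
cert_policies() {
  awk '
    function emit() {
      # Only certification classes are reported; 0x18 etc. are skipped.
      if (keyid != "" && cls ~ /^0x1[0-3]$/)
        print keyid, cls, (policy == "" ? "NO-POLICY" : policy)
      keyid = ""; cls = ""; policy = ""
    }
    /^:/ {                                  # a new packet ends the previous one
      emit()
      if ($0 ~ /^:signature packet:/ && match($0, /keyid [0-9A-Fa-f]+/))
        keyid = substr($0, RSTART + 6, RLENGTH - 6)
      next
    }
    keyid != "" && match($0, /sigclass 0x[0-9A-Fa-f]+/) {
      cls = substr($0, RSTART + 9, RLENGTH - 9)
    }
    keyid != "" && match($0, /\(policy: [^)]*\)/) {   # subpacket 26
      policy = substr($0, RSTART + 9, RLENGTH - 10)
    }
    END { emit() }
  '
}

# Constructed sample listing (not taken from any real key).
sample_listing() {
  cat <<'EOF'
:public key packet:
    version 4, algo 1, created 1300000000, expires 0
:user ID packet: "Alice Example <alice@example.org>"
:signature packet: algo 1, keyid AAAAAAAAAAAAAAAA
    version 4, created 1300000100, md5len 0, sigclass 0x13
    hashed subpkt 26 len 30 (policy: http://example.org/policy.html)
    subpkt 16 len 8 (issuer key ID AAAAAAAAAAAAAAAA)
:signature packet: algo 1, keyid BBBBBBBBBBBBBBBB
    version 4, created 1300000200, md5len 0, sigclass 0x11
    subpkt 16 len 8 (issuer key ID BBBBBBBBBBBBBBBB)
:public sub key packet:
    version 4, algo 1, created 1300000000, expires 0
:signature packet: algo 1, keyid AAAAAAAAAAAAAAAA
    version 4, created 1300000300, md5len 0, sigclass 0x18
EOF
}

sample_listing | cert_policies   # real use: gpg --list-packets key.asc | cert_policies
```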


