Aspects of trust
Grant Olson
kgo at grant-olson.net
Tue Jun 14 21:46:20 CEST 2011
On 6/14/11 3:35 PM, Kerrick Staley wrote:
> OK, I think I understand:
>
> Validity and trust are separate, but GnuPG lumps "validity" and
> "trust, for the sole purpose of signing others' keys" together into a
> single value (which is one of "unknown", "never", "marginal", "full",
> and "ultimate"). One can imagine situations in which a key's owner is
> "never" trusted to sign others' keys, but one would still like to keep
> track of how valid the key itself is ("unknown", "marginal" or
> "full"). However, such situations are corner cases, and GnuPG doesn't
> provide facilities for dealing with them.
>
> Is this correct?
>
> Thanks,
> Kerrick Staley
No. It's two values.
Validity is established by signing a key, or via web-of-trust calculations.
Trust is a different value, which can be set through --edit-key, or by
running "gpg --update-trustdb"
If you sign a key, establishing validity, but don't give it at least
marginal trust, it won't be used in your web-of-trust calculations.
--
Grant
"I am gravely disappointed. Again you have made me unleash my dogs of war."
More information about the Gnupg-users
mailing list