KEYSERVER; Trust Model

Mike Acker Mike_Acker at charter.net
Mon Mar 21 17:09:59 CET 2011


On 03/21/2011 11:51, Jonathan Ely wrote:
> I notice the difference. That is something how manipulating one's key
> trust influences another.
>
> On 21/03/2011 11:41 AM, Mike Acker wrote:
>> > On 03/21/2011 09:08, Jonathan Ely wrote:
>>> >> Ah OK, now I understand. That last question depends on the facilitator:
>>> >> can that person be trusted? Assuming that person [in this case you] is a
>>> >> trustworthy individual, that would mean Tom should be able to be
>>> >> trusted. On the flip side, if the facilitator is not the believable type
>>> >> trusting Tom through you would not be a good ‘trust chain’.
>> > RIGHT!! we are not attempting to establish trust in this dialog, only
>> > trying to learn how to use the software
>> > 
>> > let me know if you get the right results on Tom's message by
>> > manipulating the trust level on my key
OK, Good!!

If you follow along you see: when Tom joins the group I get his key from
him and sign it. and then send it to the members of the group. If the
group members trust me to do this then they will get "good" signatures
from Tom.

Now: when Tom leaves the group I send you a certificate revoking my
signature from his key. this doesn't make his key dis-appear: it just
lets the group members know that Tom is no longer a group member.

I'm going to have to work on this a little though: because I have the
KEY PAIR on this machine when I try to generate the revoke certificate
it tries to revoke Tom's key rather than my signature from his key. VM
anyone? tee hee.

Kleo did let me export Tom's secret key. So what I'll do is: delete
Tom's key completely; import his public key and sign it and then
generate his revoke cert. theoretically then i can re-import is private
key and be back to square 1.

-- 
/MIKE


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 292 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110321/ef49c68f/attachment.pgp>


More information about the Gnupg-users mailing list