UI terminology for calculated validities

Peter Lebbing peter at digitalbrains.com
Wed Apr 23 00:11:22 CEST 2014


On 22/04/14 23:58, Daniel Kahn Gillmor wrote:
> If i grant "marginal" ownertrust to both A and B, then X only needs one
> other friend to collaborate to get my gnupg implementation to accept
> certificates that i'm not intending to accept.

I might have snipped my quote too much. Hauke was arguing that the term
"ownertrust" is not correct because it is not about trust in the owner, but
trust in specific keys.

In your example, you do not trust the two keys differently[1]. However, due to a
technicality, you can't assign both the same ownertrust, because they would add
up. I don't think this is a fundamental thing that changes the concept of
ownertrust; it is an unfortunate technicality. If GnuPG were somehow enhanced
so that you could mark them as "this is the same person", you would assign both
"marginal" and benefit from certifications of either key. If it's that easily
fixed, it's not a fundamental issue in my book.

Peter.

[1] Although you might mistrust a key that's no longer considered secure by
current cracking standards. Again, not an issue with trust in the owner, but a
technicality.

---
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
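
The following is an added illustration, not part of the original message and not GnuPG's own code. It is a simplified one-hop model of the classic validity calculation, using GnuPG's default thresholds (`--marginals-needed 3`, `--completes-needed 1`), and shows how two marginally trusted keys of one person "add up", next to the hypothetical "this is the same person" grouping described above. The keyring, the key and owner names, and the `same_person` switch are all constructed for the example.

```python
# Simplified model: every certifying key is assumed to be valid itself,
# and only a single certification hop is considered.
MARGINALS_NEEDED = 3  # GnuPG default for --marginals-needed
COMPLETES_NEEDED = 1  # GnuPG default for --completes-needed

# Constructed keyring: key id -> (owner, ownertrust assigned by the user).
# A and B are two keys that belong to the same person X.
KEYRING = {
    "A": ("X", "marginal"),
    "B": ("X", "marginal"),
    "C": ("Y", "marginal"),
    "D": ("Z", "marginal"),
}


def validity(certifiers, keyring=KEYRING, same_person=False):
    """Return the calculated validity of a key certified by `certifiers`.

    same_person=False counts every certifying key separately (the behaviour
    the thread discusses). same_person=True is the hypothetical enhancement:
    keys marked as belonging to one owner count only once.
    """
    full, marginal = set(), set()
    for key_id in certifiers:
        owner, trust = keyring[key_id]
        unit = owner if same_person else key_id
        if trust == "full":
            full.add(unit)
        elif trust == "marginal":
            marginal.add(unit)
    if len(full) >= COMPLETES_NEEDED or len(marginal) >= MARGINALS_NEEDED:
        return "full"
    if full or marginal:
        return "marginal"
    return "unknown"


if __name__ == "__main__":
    # X certifies with both keys, Y with one: three marginal keys, two people.
    print("per key:   ", validity(["A", "B", "C"]))
    print("per owner: ", validity(["A", "B", "C"], same_person=True))
    # Three distinct people are still enough when grouping by owner.
    print("per owner: ", validity(["A", "C", "D"], same_person=True))
```
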
