basic identity mgmt

Peter Lebbing peter at
Mon Jan 11 21:46:54 CET 2016

On 11/01/16 17:35, Lachlan Gunn wrote:
> I actually ran into this issue the other day.  For me it's problematic because
> my certification key is on an offline machine, so it's inconvenient to have to
> power it up and do a round-trip through the airgap when I'm not going to
> propagate the signature anyway.

You can only do an uncommon all-or-nothing change: with --trust-model direct,
you can set key validity directly, just like ownertrust in most other models,
but this means the Web of Trust and certification signatures are completely
unused, AFAIK. I'm not recommending either for or against it, I'm just throwing
it out there as an available option.

This apart from the already mentioned tofu+pgp.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list