Expanding web-of-trust with subkey
Peter Lebbing
peter at digitalbrains.com
Wed Feb 15 13:34:39 CET 2017
On 15/02/17 04:02, Didrik Nordström wrote:
> I wanted to send an email to a new contact (a bug report to a software
> project) so I added the public key and assigned it "Fully trusted" (4).
In addition to Kristian's answer, let me clarify:
"Ownertrust" is your assessment of how much you want to trust
certifications *done* by this person. So if this person A signed the key
of a person B, it determines whether this makes key B valid for you. It
does not relate to the validity of the key of person A!
I've written a bit about ownertrust for the keysigning party we held
last December:
<https://events.ccc.de/congress/2016/wiki/Session:Keysigning_party/Background>
In particular, the first section is relevant.
> Does this have to do with me not having signed the key? If I assigned it
> "Ultimate trust" (5) the warning disappeared.
"Ultimate trust" is the odd one out and is generally only used for your
own keys. This makes the key valid even without a signature.
> So.. Do I need access to my master key in order to expand my web of
> trust? This seems like quite a restriction.
You could also perhaps take a look at TOFU rather than the Web of Trust.
You do need GnuPG 2.1 for that.
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170215/af68dd37/attachment.sig>
More information about the Gnupg-users
mailing list