Expanding web-of-trust with subkey

Teemu Likonen tlikonen at iki.fi
Thu Feb 16 15:31:18 CET 2017


Daniel Kahn Gillmor [2017-02-15 13:46:13-05] wrote:

> right, so your use of "trust-model direct" switches the meaning of the
> "trust" flag from its usual "ownertrust" semantics to be what we'd
> normally call "validity".
>
> Note also that when you mark a key itself as "trusted" in this way,
> you're asking GnuPG to treat *all* user IDs on it as valid.

> So if the keyholder updates their key at some point in the future to
> add a new User ID, your GnuPG installation is going to blindly accept
> that User ID as legitimate.

Yes. I have also considered (and used a little) local signatures for the
same use case: local-sign a key after checking it on a web page or in a
tofu-like manner. A local signature can obviously validate only selected
user IDs, but so far I've concluded that signatures are too strong a
statement for not-really-checked "seems ok" keys. I know that there are
certification levels (like "--default-cert-level 1"), but it's just
simpler to use "trust-model direct" and define the level directly.
Changing the decision later is also easier.

> please be aware that if you switch from "trust-model direct" to
> "trust-model tofu+pgp", then your previous assignments of "trust" will
> transform into indications of "ownertrust".

That has been my assumption. Thanks for verifying.

-- 
/// Teemu Likonen   - .-..   <https://keybase.io/tlikonen> //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///
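The contrast the thread draws, as an added example that is not part of the original post: a script that assigns ownertrust to a freshly imported key, local-signs only one of its user IDs, and then lists that key's user-ID validity under "trust-model direct" and under "pgp". The keyrings, names and addresses are constructed; it assumes gpg 2.1 or later for the --quick-* commands.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes gpg 2.1+ (--quick-* commands).
# ALICE is the keyholder's throwaway keyring; BOB is the keyring that evaluates her key.
set -eu
command -v gpg >/dev/null 2>&1 || { echo "gpg not installed, skipping" >&2; exit 0; }

ALICE=$(mktemp -d); BOB=$(mktemp -d)
trap 'gpgconf --homedir "$ALICE" --kill gpg-agent; gpgconf --homedir "$BOB" --kill gpg-agent; rm -rf "$ALICE" "$BOB"' EXIT

# gpg in a given home, non-interactive; the constructed keys have no passphrase.
g() { home=$1; shift; gpg --homedir "$home" --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

# Alice: a key with two user IDs; only the public part reaches Bob.
g "$ALICE" --quick-generate-key 'Alice <alice@example.invalid>' default default never
FPR=$(g "$ALICE" --with-colons --list-keys alice@example.invalid | awk -F: '$1=="fpr"{print $10; exit}')
g "$ALICE" --quick-add-uid "$FPR" 'Alice (work) <alice@work.invalid>'
g "$ALICE" --export "$FPR" > "$BOB/alice.pub"

# Bob: his own key (gpg marks a generated key ultimately trusted), then Alice's public key.
g "$BOB" --quick-generate-key 'Bob <bob@example.invalid>' default default never
g "$BOB" --import "$BOB/alice.pub"

# Validity letter (-, q, m, f, u, ...) of one of Alice's user IDs under a given trust model.
uid_validity() {  # $1 = trust model, $2 = substring of the user ID
    g "$BOB" --trust-model "$1" --with-colons --list-keys "$FPR" \
        | awk -F: -v pat="$2" '$1=="uid" && index($10, pat) {print $2; exit}'
}

# Assign ownertrust "full" (value 5 in --export-ownertrust format) to Alice's key ...
printf '%s:5:\n' "$FPR" | g "$BOB" --import-ownertrust
# ... and local-sign only her first user ID (a non-exportable certification).
g "$BOB" --quick-lsign-key "$FPR" 'alice@example.invalid'

# Under "trust-model direct" the ownertrust value *is* the validity, so every user ID
# (including one added later) is valid. Under "pgp" only the local-signed user ID is.
for uid in alice@example.invalid alice@work.invalid; do
    echo "direct: $uid -> $(uid_validity direct "$uid")   pgp: $uid -> $(uid_validity pgp "$uid")"
done
```

The second loop line is the one the thread warns about: the work address was never checked by Bob, yet "trust-model direct" reports it as fully valid.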