Managing the WoT with GPG

Neal H. Walfield neal at
Wed Jun 21 14:00:30 CEST 2017

At Wed, 21 Jun 2017 13:55:52 +0200,
martin f krafft wrote:
> thus spoke Neal H. Walfield <neal at> [2017-06-21 11:53 +0200]:
> > > 3. Is there a way to run --check-trustdb or --update-trustdb not
> > >    over the entire key graph, but only traversing to a certain depth
> > >    starting from a specific key? Then I could tell parcimonie to run
> > >    --check-trustdb for every key it imports, or have mutt run
> > >    --update-trustdb for every key I want to use. This would
> > >    iteratively achieve the job with the benefit that no cycles would
> > >    be wasted processing trust for keys I never use. I understand
> > >    --edit-key can be used to change the ownertrust, but I don't
> > >    think it recomputes the WoT on change, does it?
> > > 
> > >    If there's no way to do this yet, would this be a useful addition
> > >    to the UI, assuming it's technically possible?
> > 
> > This isn't easy given the current implementation: GnuPG doesn't store
> > the graph, but traverses the graph and only saves whether a particular
> > key is trusted.
>
> It's gotta start somewhere, though, right? Can't it pick the leaf
> where to start?

It starts with the set of ultimately trusted keys.  But let's say that
you start with key X, which is not ultimately trusted.  What should
GnuPG do with the result?  Or, let's say that X is ultimately trusted
and it decides that key Y is only marginally trusted, but Y would have
been fully trusted if you started with all ultimately trusted keys.
How do you intelligently merge that?
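
A simplified model of the merge problem described above, added here as an illustration; it is not GnuPG's code and not part of the original message. The key names, the graph and the `merge_max` helper are constructed, and the thresholds assume GnuPG's defaults (`--completes-needed 1`, `--marginals-needed 3`).

```python
from collections import defaultdict

FULL, MARGINAL = "full", "marginal"
COMPLETES_NEEDED, MARGINALS_NEEDED = 1, 3  # assumed: GnuPG's default thresholds

def compute_validity(roots, sigs, ownertrust, max_depth=5):
    """Walk the signature graph from `roots` (ultimately trusted keys).

    Returns only a per-key verdict, as the trust database does; the
    signature counts behind each verdict are discarded.
    """
    validity = {root: FULL for root in roots}
    for _ in range(max_depth):
        votes = defaultdict(lambda: {FULL: 0, MARGINAL: 0})
        for signer, signed_keys in sigs.items():
            # A signature counts only if the signer is fully valid and trusted.
            level = FULL if signer in roots else ownertrust.get(signer)
            if validity.get(signer) != FULL or level is None:
                continue
            for key in signed_keys:
                votes[key][level] += 1
        updated = dict(validity)
        for key, n in votes.items():
            if key in roots:
                continue
            enough = n[FULL] >= COMPLETES_NEEDED or n[MARGINAL] >= MARGINALS_NEEDED
            updated[key] = FULL if enough else MARGINAL
        if updated == validity:
            break
        validity = updated
    return validity

def merge_max(a, b):
    """Naive merge of two partial runs: keep the higher verdict per key."""
    rank = {None: 0, MARGINAL: 1, FULL: 2}
    return {k: max(a.get(k), b.get(k), key=rank.get) for k in a.keys() | b.keys()}

# Constructed graph: X and U2 are ultimately trusted; A, B and C carry
# marginal ownertrust and each has signed Y.
SIGS = {"X": ["A"], "U2": ["B", "C"], "A": ["Y"], "B": ["Y"], "C": ["Y"]}
OWNERTRUST = {"A": MARGINAL, "B": MARGINAL, "C": MARGINAL}

if __name__ == "__main__":
    from_x = compute_validity({"X"}, SIGS, OWNERTRUST)
    from_u2 = compute_validity({"U2"}, SIGS, OWNERTRUST)
    print("from X only:  Y =", from_x["Y"])
    print("from U2 only: Y =", from_u2["Y"])
    print("naive merge:  Y =", merge_max(from_x, from_u2)["Y"])
    print("all roots:    Y =", compute_validity({"X", "U2"}, SIGS, OWNERTRUST)["Y"])
```

Each partial run sees fewer than three marginal signatures on Y, so a per-key merge of the stored verdicts cannot recover the result of the full traversal.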
