Managing the WoT with GPG

martin f krafft madduck at
Thu Jun 22 16:06:03 CEST 2017

also sprach Peter Lebbing <peter at> [2017-06-22 15:46 +0200]:
> > As far as I understand, the parameters --marginals-needed and
> > --completes-needed can be used to define a maximum search depth D,
> > so when I ask GPG to update the trustdb WRT key 0xdeadbeef, then I'd
> > envision it to
> Don't you mean
> >        --max-cert-depth n
> >               Maximum depth of a certification chain (default is 5).
> ? I don't see how --*-needed would limit the search depth, other than
> that for an actual keyset increasing them would effectively probably
> decrease the actual depth.

Yeah, that too.

> 1) Consider every key signature potentially valid. Construct the
>    graph of signatures. Discard anything that is not rooted in an
>    ultimately trusted key.

That sounds like a worthwhile optimisation, indeed.

> 3) Start at the ultimately trusted keys and consider each signature that
> corresponds to an edge going out of a valid key. Check signatures until
> full validity of a key is reached (or all signatures on a key have been
> checked). Stop checking then; it can't become more than fully valid by
> more signatures. The fact that a key has been added to the valid keys
> means you now have more edges going out from a valid key; keep repeating.

And so does this…

@martinkrafft | |
"durch frauen werden die höhepunkte des lebens bereichert
 und die tiefpunkte vermehrt."
                                                 - friedrich nietzsche
spamtraps: madduck.bogus at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: digital_signature_gpg.asc
Type: application/pgp-signature
Size: 1118 bytes
Desc: Digital GPG signature (see
URL: </pipermail/attachments/20170622/0818f209/attachment.sig>

More information about the Gnupg-users mailing list