ownertrust and trust signature (tsig) interactions

Peter Lebbing peter at digitalbrains.com
Thu Sep 28 20:15:33 CEST 2017


I didn't formulate what I meant well enough, I think. Sorry.

On 28/09/17 19:13, Daniel Kahn Gillmor wrote:
> Yes, ownertrust and trust signatures do interact.
> 
> a trust signature (tsig) made by a key that you have set ultimate
> ownertrust on delegates some of that ownertrust via trust signatures.

Fair enough; that I would expect, actually. It has to start somewhere,
and that's what "ultimate" is for, on your own keys. If "ultimate" keys
didn't have this capability, there would be no root for the trust
signatures.

> I thought that was also true for full ownertrust, but I'm unable to
> replicate it with an experimental keyring.

This I would not expect, but it is what I meant with my comment: do they
interact in this case, or not?

First of all, trust signatures indicate a maximum depth. Regular full
ownertrust does not; so are we to interpret this as unlimited depth
then? That sounds wrong.

Secondly, it seems undesirable. If I /want/ to delegate trust decisions,
I would tsign somebody, along with a maximum depth that is no deeper
than necessary[1]. However, if I just regular-sign :) their key and
assign ownertrust, what I'm trying to say is: "I trust this person to
check identities well". I'm not saying "I trust this person to decide
for me whether other people are trustworthy". I don't even care about
the whole trust signature business unless I tsigned some key myself. In
other words, as long as I don't tsign anything myself, I want
trust-model pgp to behave as trust-model classic. It seems to be the
path of least surprise.

So even if the person who has my full trust tsigns some key, I would
like to treat that signature as a regular key validating signature, and
wouldn't want it to influence ownertrust assigned to the person holding
that signed key.

When I'm trying to explain the Web of Trust here on the list, I usually
say "don't bother with or worry about trust signatures, they're only
used in very specific settings". If, however, they do affect the regular
Web of Trust, I've been explaining it wrong all along.

> Perhaps Werner or someone
> else closer to the trust management code can comment on the expected
> behavior?

I'd like that as well. Because I was almost convinced that full
ownertrust would not "activate" trust signatures, but wanted to err on
the side of caution and not state this as truth while unverified. But if
/you/, so close to the kitchen, actually thought differently, I think
it's important to figure out what it is, or is meant to be.

Cheers,

Peter.

[1] As determined by company signing policy, for instance.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
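The two readings argued over above (does hand-assigned full ownertrust turn a key into a tsig root, or does a tsig made by such a key just count as an ordinary certification?) can be made concrete with a small validity calculator. The following is an added illustration and is not part of the message above nor GnuPG's own code: it mirrors the shape of GnuPG's rules (ultimate keys are the roots; one "full" or three "marginal" certifications make a key valid; a tsig carries a trust level of 60 or 120 and a depth that limits further delegation) on a constructed keyring with made-up names, and exposes the contested behaviour as a flag. Which reading GnuPG actually implements is exactly what the thread is asking, so the example settles nothing about GnuPG; it only shows what each reading would mean for the keys involved.

```python
"""Toy model of OpenPGP key validity under two readings of how user-assigned
full ownertrust interacts with trust signatures (tsigs).

Added illustration, not GnuPG's code.  Names and the keyring are constructed.
"""
from dataclasses import dataclass

MARGINAL, FULL, ULTIMATE = "marginal", "full", "ultimate"
TSIG_MARGINAL, TSIG_FULL = 60, 120  # OpenPGP trust-signature level values
_RANK = {MARGINAL: 1, FULL: 2, ULTIMATE: 3}


@dataclass(frozen=True)
class Cert:
    """A certification on a key.  depth == 0 is a regular signature;
    depth > 0 together with a level makes it a trust signature (tsig)."""
    signer: str
    depth: int = 0
    level: int = 0


def compute_validity(certs, ownertrust, *, full_activates_tsig,
                     completes_needed=1, marginals_needed=3, max_cert_depth=5):
    """Return (valid, trusted).

    valid   -- set of keys whose validity could be established
    trusted -- {key: (trust level, remaining delegation depth)} for keys whose
               certifications count; depth 0 means the key certifies but
               cannot delegate via tsigs.
    """
    trusted = {k: (ULTIMATE, max_cert_depth)
               for k, ot in ownertrust.items() if ot == ULTIMATE}
    valid = set(trusted)  # ultimate keys are valid by definition
    changed = True
    while changed:
        changed = False
        for key, sigs in certs.items():
            if key in valid:
                continue
            completes = marginals = 0
            delegated = None  # best (level, depth) offered by a delegating tsig
            for c in sigs:
                if c.signer not in trusted:
                    continue  # invalid or untrusted signers do not count
                level, budget = trusted[c.signer]
                if level == MARGINAL:
                    marginals += 1
                else:
                    completes += 1
                # A tsig only delegates when the signer may itself delegate
                # (budget > 0); otherwise it was counted above as an ordinary
                # certification, which is the "classic" expectation.
                if c.depth > 0 and budget > 0:
                    granted = (FULL if c.level >= TSIG_FULL else MARGINAL,
                               min(c.depth, budget - 1))
                    if delegated is None or (_RANK[granted[0]], granted[1]) > \
                            (_RANK[delegated[0]], delegated[1]):
                        delegated = granted
            if completes >= completes_needed or marginals >= marginals_needed:
                valid.add(key)
                changed = True
                ot = ownertrust.get(key)
                if ot in (FULL, MARGINAL):
                    # Hand-assigned ownertrust.  Under the "activates" reading a
                    # fully trusted key also becomes a tsig root; under the
                    # classic reading it certifies others but cannot delegate.
                    budget = max_cert_depth - 1 if (full_activates_tsig and ot == FULL) else 0
                    trusted[key] = (ot, budget)
                elif delegated is not None:
                    trusted[key] = delegated
    return valid, trusted


def example_keyring():
    """Constructed keyring for the situation discussed in the thread."""
    certs = {
        # uncontested: the ultimately trusted key delegates via a tsig
        "erin":  [Cert("alice", depth=1, level=TSIG_FULL)],
        "frank": [Cert("erin")],
        # contested: bob is regular-signed and given full ownertrust by hand,
        # then bob makes a tsig on carol
        "bob":   [Cert("alice")],
        "carol": [Cert("bob", depth=1, level=TSIG_FULL)],
        "dave":  [Cert("carol")],
    }
    ownertrust = {"alice": ULTIMATE, "bob": FULL}
    return certs, ownertrust


def validity_under(full_activates_tsig):
    """Validity of every constructed key under one reading of the rules."""
    certs, ownertrust = example_keyring()
    valid, _ = compute_validity(certs, ownertrust,
                                full_activates_tsig=full_activates_tsig)
    return {k: (k in valid) for k in ("alice", "erin", "frank", "bob", "carol", "dave")}


if __name__ == "__main__":
    for reading in (False, True):
        print("full ownertrust activates tsigs:", reading, validity_under(reading))
```

Under both readings frank is valid, because alice (ultimate) is the root of erin's tsig. The difference is dave: with the classic reading bob's tsig on carol is just a certification, carol cannot delegate, and dave stays invalid; with the "activates" reading carol inherits full trust with depth 1 and dave becomes valid.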


