Semantics of WOT and Subkeys
evan at eklitzke.org
Thu Apr 19 04:12:39 CEST 2018
I am trying to understand the semantics of how GnuPG's WOT model
interacts with subkeys. This is a pretty basic question, so feel free to
direct me to existing resources if there are any; there must be
something written on this topic already, but I failed to find anything.
Suppose Alice and Bob want to start using PGP, so they both install GPG
and create keypairs. At this point in time they both sign each other's
keys, meaning that they sign each other's master/certification key.
Later Alice learns about subkeys, so she creates a new signing subkey
for signing her mail/git commits/whatever. How does this work when Bob
sees the new subkey? Does Bob/GPG treat the signing subkey to be just as
trusted as Alice's master key? Or is it somehow treated as less trusted,
since it's one step away from the master key?
Similarly, let's say Carol also starts using PGP, and Alice signs
Carol's key. From Bob's point of view, is there a difference which key
(the master key or the subkey) Alice used when signing Carol's key?
Evan Klitzke pgp: 0x157EFCACBC648422
e: evan at eklitzke.org w: https://eklitzke.org
More information about the Gnupg-users