Web of Trust and validation of keys

franek.wiertara franek.wiertara at onet.eu
Sat May 12 18:09:45 CEST 2018

I am sorry if you find my comment a little less understandable. English is not my first language. Hopefully, I have described my problem clearly enough :)
I have two problems.
1. I am not entirely sure what exactly marginally valid keys do and when they become marginally valid. I thought keys would either be valid or not!
2. I am also not fully confident in understanding Web of Trust. I have just got some bits today :)
I realised, after reading The GNU Privacy Handbook, if a key becomes valid due to the Web of Trust or signed personally, it can "participate" in validation of next keys, depending on my trust. What exactly happens if a key is marginally valid?
I also provided some scenarios based on the website and an example of a network:
          .---> Blake ---.
         /                \
Alice ---                   ---> Chloe ---> Elena ---> Geoff
         \                /          \
          *---> Dharma --*            \
                          \            \
                           *----------->*---> Francis.
Let's say Blake's and Dharma's keys are always valid because they are signed by Alice. In case any of those keys are fully trusted, Chloe's and Francis' keys will be fully validated. If both Blake's and Dharma's keys are marginally trusted, Chloe's key will be still fully validated but Francis' will only be marginally validated.
Now, when Chloe's key is fully valid, what happens to Elena's key? Will it become a fully or marginally valid key? I think it depends on whether I fully or marginally trust Chloe's key.
There are a lot of situations when keys can become marginally valid. I am guessing, marginal validation sort of blocks a further validation on the path. I am wondering why we do not simply say that a key can be either valid or not? What am I missing? What is the consequence of a marginal validation?
PS. For the example, I followed the assumptions from the website: "... two marginally-trusted keys or one fully-trusted key is needed to validate another key. The maximum path length is three."
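
An added example, not part of the original post and not GnuPG's own code: a simplified model of the validity calculation for the network drawn above, using the assumptions quoted in the PS (two marginally trusted keys or one fully trusted key, maximum path length three). It assumes that only fully valid keys act as introducers; the function and constant names are hypothetical.

```python
# Simplified model of the Web of Trust validity calculation (added example).
# Assumption of this sketch: only fully valid keys count as introducers.
NONE, MARGINAL, FULL = 0, 1, 2

# Signer -> keys they signed, transcribed from the diagram in the post.
SIGNATURES = {
    "Alice": ["Blake", "Dharma"],
    "Blake": ["Chloe"],
    "Dharma": ["Chloe", "Francis"],
    "Chloe": ["Elena", "Francis"],
    "Elena": ["Geoff"],
}

def validity(owner, trust, marginals_needed=2, completes_needed=1, max_depth=3):
    """Return {key: NONE|MARGINAL|FULL} for every signed key in SIGNATURES.

    trust maps a key owner to MARGINAL or FULL owner trust (absent = no trust).
    """
    signers = {}
    for signer, signed in SIGNATURES.items():
        for key in signed:
            signers.setdefault(key, []).append(signer)
    result = {key: NONE for key in signers}
    introducers = {owner}          # fully valid keys usable in this pass
    for _ in range(max_depth):     # one pass per step away from the owner
        newly_full = set()
        for key, signed_by in signers.items():
            if result[key] == FULL:
                continue
            active = [s for s in signed_by if s in introducers]
            full = sum(1 for s in active if trust.get(s) == FULL)
            marginal = sum(1 for s in active if trust.get(s) == MARGINAL)
            if (owner in active or full >= completes_needed
                    or marginal >= marginals_needed):
                result[key] = FULL
                newly_full.add(key)
            elif full or marginal:
                # Some trusted signatures, but not enough to reach full validity.
                result[key] = MARGINAL
        if not newly_full:
            break
        introducers |= newly_full  # marginally valid keys are never added
    return result
```

With Blake and Dharma marginally trusted, `validity("Alice", {"Blake": MARGINAL, "Dharma": MARGINAL})` gives Chloe full and Francis marginal validity, and Elena stays unvalidated until Chloe is also given owner trust.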