gnupg at leo.gaspard.ninja
Wed Jul 3 21:14:00 CEST 2019
Alyssa Ross <hi at alyssa.is> writes:
>> > For example, why isn't ask-cert-level a default?
>> For an alternative view on ask-cert-level see also:
> Oh, interesting. Thank you for showing this to me. I had it in my head
> that a "weak" signature would count as a marginal in the web of trust,
> but I suppose I was wrong about that.
> In that case, I agree that ask-cert-level doesn't make sense as a
Well, that's also an ecosystem issue, and if I'm not mistaken this
thread (or was it another one?) was going quite far in the “let's fix
the ecosystem and keep the standard” direction.
“weak” *could* be used for verification. For instance, if I were to
write an OpenPGP client, I'd likely make it so that:
* Trust (which is 0-255 in the standard) is a slider with marks like “I
trust not at all|a bit|a lot| completely” (with a proper sentence so
that people understand, not like what I'm putting here)
* Signature level (4 levels in the standard) is a similar slider
* Both trust and signature level are mapped to a [0, 1] value, and
multiplied to get the amount of confidence we have thanks to this
particular signature that the key is correct
* All such amounts of confidence get added, and the “3-marginals or
1-full” rule becomes a simple number that needs to be passed with this
addition (also configured as a slider with some “normal user / … /
paranoïd user” landmarks)
(for trust signatures, in such a scheme they'd first be cut off to
follow the OpenPGP certification, and then get multiplied by the length
of the path, to account for decreasing trust along longer paths)
This is compatible with RFC4880 (well, except it doesn't respect the
“SHOULD” that full trust is 120 and marginal 60, because it actually
uses the whole range).
So ask-cert-level might make sense as a default. Just not as GnuPG's
default, as GnuPG doesn't have such a behavior (and no client that I
know of currently do). But someday, maybe.
More information about the Gnupg-users