Levels of validation

Christoph Klassen christoph-klassen at mail.de
Mon Jan 3 19:31:42 CET 2022


On Sun, 02 Jan 2022 19:45:27 +0100
Ingo Klöcker <kloecker at kde.org> wrote:  

> With regard to the validity of the two keys A and B the result of the
> last two cases are the same. But the semantics of key signatures and
> owner trust are completely different.

Sorry, I didn't say clear enough what I meant. For me personally it
wouldn't make any difference, if I sign a key or trust it (or better:
the owner) ultimately. In the end both keys are valid. And for others
there would also be no difference, if I would sign a key only locally. 

Only if I sign a key and upload it, it would make a difference because
the owner trust only affects the keys in my keyring, but the signed key
affects the validation, if other people own it.

Back to the question:
> > But, wouldn't it be the same
> > as when I sign a key? In the end both ways show that I trust the
> > key and if I sign a key I do trust it ultimately.

Practically it depends on if I upload the key. If I don't upload it, it
wouldn't make any difference. But, as you said, the semantics are
different.



More information about the Gnupg-users mailing list