[gnutls-dev] OpenPGP Keys

Simon Josefsson simon at josefsson.org
Thu Apr 19 12:25:33 CEST 2007


Timo Schulz <twoaday at gmx.net> writes:

> Ludovic Courtès wrote:
>
>> refer to "signature packets" as found in a "transferable public key"?
>> How does it differ from a "keyring"?
>
> The trust db stores just the information how much you trust a key or
> better its owner. It does not contain any key data. OpenPGP applications
> might also store this _in_ the keyring and there is no extra file for it.
>
>
>> Then, what is "ownertrust" in RFC 2440 terms?
>
> See above. In GPG it is a value from 1 to 5 to the question:
>
> "how far you trust the owner of the key to correctly verify other keys"
>
> 1 = don't know or won't say
> 2 = do not trust
> 3 = trust marginally
> 4 = trust fully
> 5 = trust ultimate
>
> (5 is mostly useful for key pairs, other applications call it
>  "implicit trust")
>
>
> I hope this explains the concept a little.

I still do not understand if this is a OpenPGP or GnuPG concept.  If
it is a GnuPG concept, and there is no equivalent OpenPGP concept to
solve the same problem, I'm not sure we should use it.

However, maybe OpenCDK is already too GnuPG-specific so that we can't
really make OpenCDK non-GnuPG-specific anyway?  Having more
documentation on the file formats that OpenCDK use would really help
me here.

> And I'm not exactly sure how the value is used in the openpgp
> implementation of GnuTLS. Probably a generic check to verify
> we have at least marginal trust for the peer key.

This relates to the current discussion on help-gnutls too, and it
seems safe to say that we don't know for sure what the solution will
be yet.

/Simon



More information about the Gnutls-dev mailing list