[gnutls-dev] OpenPGP Keys

Simon Josefsson simon at josefsson.org
Thu Apr 19 15:41:42 CEST 2007


ludovic.courtes at laas.fr (Ludovic Courtès) writes:

> Hi,
>
> Timo Schulz <twoaday at gmx.net> writes:
>
>> See above. In GPG it is a value from 1 to 5 to the question:
>>
>> "how far you trust the owner of the key to correctly verify other keys"
>>
>> 1 = don't know or won't say
>> 2 = do not trust
>> 3 = trust marginally
>> 4 = trust fully
>> 5 = trust ultimate
>>
>> (5 is mostly useful for key pairs, other applications call it
>>  "implicit trust")
>
> Simon Josefsson <simon at josefsson.org> writes:
>
>> I still do not understand if this is a OpenPGP or GnuPG concept.  If
>> it is a GnuPG concept, and there is no equivalent OpenPGP concept to
>> solve the same problem, I'm not sure we should use it.
>
> This seems to be a GnuPG feature [0], not an OpenPGP thing.

Thanks.  If this information is stored in binary-only non-standardized
GnuPG-defined formats, I don't think OpenCDK should be reading these
files at all, at least not without more syncing with the GnuPG people.

> It tells whether you consider the owner of the public key to be a
> "trusted introducer", i.e., someone who makes careful key ownership
> verifications before signing somebody else's key.
>
> This is used to estimate the trustworthiness of a certificate based on
> the signatures it contains, in a pure web-of-trust fashion (see the
> example in [1]).
>
> RFC 2440 defines no such thing AFAICS.  Nevertheless, this may be a
> useful tool for GnuTLS, too (see the discussion on `help-gnutls').

Yup, GnuTLS probably needs something like it, but it could be a simple
text file.

Is it possible to export the trust information in GnuPG easily?  Then
we could write a script to export it from GnuPG databases if people
need that functionality.

/Simon



More information about the Gnutls-dev mailing list