[gnutls-dev] OpenPGP Keys
Simon Josefsson
simon at josefsson.org
Thu Apr 19 15:41:42 CEST 2007

ludovic.courtes at laas.fr (Ludovic Courtès) writes:

> Hi,
>
> Timo Schulz <twoaday at gmx.net> writes:
>
>> See above. In GPG it is a value from 1 to 5 to the question:
>>
>> "how far you trust the owner of the key to correctly verify other keys"
>>
>> 1 = don't know or won't say
>> 2 = do not trust
>> 3 = trust marginally
>> 4 = trust fully
>> 5 = trust ultimate
>>
>> (5 is mostly useful for key pairs, other applications call it
>> "implicit trust")
>
> Simon Josefsson <simon at josefsson.org> writes:
>
>> I still do not understand if this is an OpenPGP or GnuPG concept. If
>> it is a GnuPG concept, and there is no equivalent OpenPGP concept to
>> solve the same problem, I'm not sure we should use it.
>
> This seems to be a GnuPG feature [0], not an OpenPGP thing.

Thanks. If this information is stored in binary-only non-standardized
GnuPG-defined formats, I don't think OpenCDK should be reading these
files at all, at least not without more syncing with the GnuPG people.

> It tells whether you consider the owner of the public key to be a
> "trusted introducer", i.e., someone who makes careful key ownership
> verifications before signing somebody else's key.
>
> This is used to estimate the trustworthiness of a certificate based on
> the signatures it contains, in a pure web-of-trust fashion (see the
> example in [1]).
>
> RFC 2440 defines no such thing AFAICS. Nevertheless, this may be a
> useful tool for GnuTLS, too (see the discussion on `help-gnutls').

Yup, GnuTLS probably needs something like it, but it could be a simple
text file.

Is it possible to export the trust information in GnuPG easily? Then
we could write a script to export it from GnuPG databases if people
need that functionality.

/Simon
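
Added example, not part of the original message and not GnuTLS or OpenCDK code: GnuPG can dump owner trust as text with `gpg --export-ownertrust`, one `fingerprint:value:` line per key, and the Python below parses such a dump into a plain text file of the kind suggested in the message. The sample input is constructed (made-up fingerprints), and the function names and the output layout are assumptions.

```python
import re

# Owner trust levels as they appear in `gpg --export-ownertrust` output.
# GnuPG keeps the level in the low four bits; higher bits are flags.
LEVELS = {2: "undefined", 3: "never", 4: "marginal", 5: "full", 6: "ultimate"}
LINE_RE = re.compile(r"^([0-9A-Fa-f]{32,64}):(\d+):$")

# Constructed sample shaped like an export; the fingerprints are made up.
SAMPLE = """\
# List of assigned trustvalues (constructed sample)
0123456789ABCDEF0123456789ABCDEF01234567:6:
89abcdef0123456789abcdef0123456789abcdef:4:
FEDCBA9876543210FEDCBA9876543210FEDCBA98:3:
00112233445566778899AABBCCDDEEFF00112233:133:
"""


def parse_ownertrust(text):
    """Return {FINGERPRINT: level name}; reject anything malformed."""
    trust = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # comments and blank lines carry no trust data
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: not fingerprint:value:")
        level = int(m.group(2)) & 15  # drop flag bits, keep the level
        if level not in LEVELS:
            raise ValueError(f"line {lineno}: unknown trust level {level}")
        trust[m.group(1).upper()] = LEVELS[level]
    return trust


def trusted_introducers(trust):
    """Keys whose owners are trusted to verify other keys."""
    wanted = ("marginal", "full", "ultimate")
    return sorted(f for f, name in trust.items() if name in wanted)


def to_text(trust):
    """Hypothetical simple text format: '<fingerprint> <level>' per line."""
    return "".join(f"{f} {name}\n" for f, name in sorted(trust.items()))


if __name__ == "__main__":
    print(to_text(parse_ownertrust(SAMPLE)), end="")
```

Failing closed on malformed lines matters here, since a silently skipped or misread line would change which keys are treated as trusted introducers.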