the GPG trust model
Len Sassaman
rabbi at abditum.com
Wed Oct 16 14:18:09 CEST 2002
On 30 Sep 2002, Adrian 'Dagurashibanipal' von Bidder wrote:
> On Mon, 2002-09-30 at 20:42, Joel N. Weber II wrote:
>
> > There's also the problem of people who cross-sign their own keys. I'm
> > willing to trust cross signed keys somewhat morethan I'm willing to
> > trust a key to sign other people's keys in some cases, and GPG doesn't
> > give me an easy way to express that.
>
> Hmmm. This reminds me of a wishlist type request I've thought of some
> time back:
>
> I want to be able to specify that two keys belong to the same person and
> should be considered equal in trust calculation (meaning primarily: the
> hop should not be counted, and signatures with marginal trust should be
> added up over both keys).
FYI, PGP does this as of 5.0. If key A has a user-id identical to key B,
and the userid on key B is signed by key A, key B is considered identical
to key A for trust calculations.
(I think that's right. Phil Zimmermann explained this to me briefly over
lunch, and I'm not sure I remember it exactly. It's not documented
anywhere. You could double check with him to make sure I got the details
right.)
(IMO, we really need an OpenPGP Trust Calculation RFC...)
--Len.
More information about the Gnupg-devel
mailing list