Robot CA at toehold.com
Julian T J Midgley
jtjm@xenoclast.org
Mon Dec 9 15:33:01 2002
On Mon, 9 Dec 2002, Huels, Ralf SCORE wrote:
>
> Even now you will have to consider every link in a given
> trust path.
Agreed absolutely - consequently, it would be nice if there were some
option to GPG to get it to display the trust-path (based on your own
keyring) to a key it found to be valid during a --update-trustdb, so that
you could easily make a considered judgment about whether you agreed with
the proposed validity of the key.
(There are some keys five or six hops from my own that I can be
very certain are valid, since I know all the signatories en route to
be highly responsible signers, whilst there are others only three hops away
that I wouldn't actually want to trust for anything more than the most
casual of correspondence, since I've no knowledge of the key signing
habits of the signatories concerned. The marginal/complete trust model and
completes-needed/marginals-needed configurables are inadequate for
dealing with this. Making calculated trust-paths visible would make
key-ring management both easier and more flexible.)
pathfinder and other keyserver keyring based solutions to the path problem
are also inadequate, since they've no knowledge of the assigned
ownertrust.
Julian
--
Julian T. J. Midgley http://www.xenoclast.org/
Cambridge, England.
PGP: BCC7863F FP: 52D9 1750 5721 7E58 C9E1 A7D5 3027 2F2E BCC7 863F
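
An added example, not part of the original post and not GnuPG code: a simplified model of the marginal/complete rules that records which introducers made each key valid, so the trust path the post asks for can be printed. The key names, keyring and ownertrust values are constructed, and the function names are hypothetical.

```python
# Simplified model of the marginal/complete trust rules; an assumption for
# illustration, not GnuPG's trustdb implementation. Key names are constructed.
FULL, MARGINAL = "full", "marginal"

SIGS = {  # constructed keyring: signed key -> keys that signed it
    "alice": ["ME"], "bob": ["ME"], "carol": ["ME"],
    "dave": ["alice"], "frank": ["dave"], "erin": ["bob", "carol"],
}
OWNERTRUST = {"alice": FULL, "dave": FULL, "bob": MARGINAL, "carol": MARGINAL}

def compute_validity(me, sigs, ownertrust, completes_needed=1,
                     marginals_needed=3, max_depth=5):
    """Return {key: (hops, introducers)} for every key found valid."""
    valid = {me: (0, [])}
    for depth in range(1, max_depth + 1):
        newly = {}
        for key, signers in sigs.items():
            if key in valid:
                continue
            # Only keys validated in an earlier round can introduce others.
            intro = [s for s in signers if s in valid]
            full = [s for s in intro if ownertrust.get(s) == FULL]
            marg = [s for s in intro if ownertrust.get(s) == MARGINAL]
            if me in intro:                      # signed by our own key
                newly[key] = (depth, [me])
            elif len(full) >= completes_needed:
                newly[key] = (depth, full)
            elif len(marg) >= marginals_needed:
                newly[key] = (depth, marg)
        if not newly:
            break
        valid.update(newly)
    return valid

def trust_paths(key, valid, me):
    """Expand the recorded introducers of `key` into full paths from `me`."""
    if key == me:
        return [[me]]
    return [path + [key]
            for signer in valid[key][1]
            for path in trust_paths(signer, valid, me)]

if __name__ == "__main__":
    valid = compute_validity("ME", SIGS, OWNERTRUST)
    for key in sorted(k for k in valid if k != "ME"):
        for path in trust_paths(key, valid, "ME"):
            print(f"{key}: {valid[key][0]} hop(s) via {' -> '.join(path)}")
```

With the constructed keyring, `erin` is not valid under the default of three marginals but becomes valid with `marginals_needed=2`, and the printed paths show exactly which introducers that decision rests on.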