How to change trust model

Per Tunedal Casual pt at radvis.nu
Wed May 11 02:22:28 CEST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 00:21 2005-05-11, David Shaw wrote:
 >On Wed, May 11, 2005 at 12:16:03AM +0200, Per Tunedal Casual wrote:
 >
 >> Scenario:
 >> A new user has to quickly download keys to his contacts. The keys
 >> are
 >> signed by a mutually trusted CA.
 >> How can he get valid keys to use trusting the CA, rather than
 >> having
 >> to check  and sign each of them?
 >
 >You don't need trust signatures or any special trust models for this.
 >If you trust the CA, sign the CA key.  If the CA has signed your
 >contacts, then you're done.  The contact keys are now valid.
 >
 >David
 >
Yes, David, you are right. I want a bit more.

Some contacts may not be directly signed by the CA, then the trust
model will be important, I suppose. How can the signature of the CA be
useful as far down the tree as possible?

Can you please explain the PGP-model and how to issue trust signatures
(tsign), with the implications for the validity of keys.

Per Tunedal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Vad är en PGP-signatur? www.clipanish.com/PGP/pgp.html

iD8DBQFCgVA+pPsTvNtsBX8RAm1PAJ9Ooh26ST8FCdRPJEwYdTQlFJYQgwCgh8Ck
Tc1x/ILLENZb6XpjzXfS4j4=
=T5eB
-----END PGP SIGNATURE-----





More information about the Gnupg-users mailing list