PGP doesn't import trust signatures w/ depth > 8 on keys exported with GPG
David Shaw
dshaw at jabberwocky.com
Fri Jun 13 21:03:24 CEST 2008
On Fri, Jun 13, 2008 at 11:35:08AM -0700, bezna wrote:
>
> Hi,
>
> I'm using PGP Desktop 9.8 and I noticed when I export a public key from GPG
> and import it in PGP, any trust signatures made on it with GPG and given a
> depth greater than 8 are lost. Presumably this is because of constraints
> within PGP, IE the maximum trust depth that can be set in PGP for a
> signature is 8.
>
> I was wondering if anyone can provide a rationalization for why this
> is?
I could make a guess (8 is a huge depth already and so they capped it
there to simplify things?), but it would really be just a guess. I
suggest contacting the PGP folks and asking them. They're a very
responsive company. Let us know what you find out.
> Ostensibly even a trust signature of depth 2 carries enormous power with it,
> but there is no such cap on GPG. Furthermore, why are signatures in GPG with
> a trust depth greater than 9 marked as a 'T' on listings, even though the
> depth of the signature still matters (e.g. a trust signature with a depth of
> 14 is still more powerful than one of depth 12, even though they're both
> labelled 'T').
This one I can answer, as I wrote that part of the code. The reason
that GPG marks signatures with a depth greater than 9 as 'T' in a
signature listing is simply because the signature listing is
formatted, and I only had room for a single digit without reformatting
the display. Thus, 'T' in this case just means "more than 9". Note
that this is strictly a display convention, and the internal trust
calculations use the real number of course.
David
More information about the Gnupg-users
mailing list