influence of signature type on trustdb

David Shaw dshaw at jabberwocky.com
Thu Feb 7 17:25:12 CET 2013


On Feb 7, 2013, at 9:56 AM, Niels Laukens <niels at dest-unreach.be> wrote:

> On 2013-02-07 15:09, David Shaw wrote:
>> On Feb 7, 2013, at 5:12 AM, Niels Laukens <niels at dest-unreach.be> wrote:
>> 
>>> Hi,
>>> 
>>> I'm trying to figure out what the influence is of the different
>>> signature types (0x10-0x13). As far as I can tell, they only _indicate_
>>> the signers trust in his own sig, but isn't used in any way by GPG. Is
>>> this correct?
>> 
>> Basically correct. All of the signature types are equal except for 
>> the influence of --min-cert-level. By default, that's set to 2, so
>> the 0x11 "persona" signature is ignored when building the trustdb. A
>> signature whose very definition indicates that the person didn't
>> check before making it, is probably one you want to skip :)
> 
> OK, would it make sense to use this level in the trust calculation?
> Similar to the `marginal` ownertrust: three type 0x12 sigs equivalent to
> one type 0x13 sig? With the numbers configurable, preferably.
> 
> I guess this would make the trustdb calculations a little more
> complicated, because both ownertrust and siglevel need to be taken into
> account, but to me it feels like a "better" way.
> 
> Or am I missing some obvious reasons why this is a bad idea?

Nope, this could be done.  There are a few reasons it hasn't, including that it would make the trust model incompatible (in the sense that a path that exists using GnuPG might not exist in PGP and vice versa) with other implementations.

There is no reason why someone couldn't write an *additional* trust model that takes that into account, though.  It just takes someone who wants it badly enough.  The OpenPGP standard doesn't have much to say about different trust models - it's mostly left up to the implementations to decide how to resolve whether a key is considered usable or not.

David
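A toy model of the two trust calculations discussed in this thread, added here as an example and not GnuPG's own code: the classic trustdb rule, where --min-cert-level alone decides which certifications count and every surviving one is weighted only by the signer's ownertrust, beside Niels' proposed variant, where certifications are also discounted by signature level so that three casual (0x12) certifications add up to one positive (0x13). The signer names, ownertrust assignments and per-level weights are constructed assumptions; GnuPG's real algorithm has more state (key expiry, revocation, depth limits) than this shows.

```python
from dataclasses import dataclass
from fractions import Fraction

# OpenPGP certification signature types (RFC 4880, section 5.2.1)
GENERIC, PERSONA, CASUAL, POSITIVE = 0x10, 0x11, 0x12, 0x13

# Classic GnuPG knobs, at their defaults
MIN_CERT_LEVEL = 2     # --min-cert-level: persona (level 1) certs are skipped
COMPLETES_NEEDED = 1   # --completes-needed
MARGINALS_NEEDED = 3   # --marginals-needed

# Assumed weights for the proposed model: three 0x12 certs equal one 0x13
LEVEL_WEIGHTS = {GENERIC: Fraction(1), PERSONA: Fraction(0),
                 CASUAL: Fraction(1, 3), POSITIVE: Fraction(1)}

@dataclass(frozen=True)
class Cert:
    signer: str    # constructed label for the certifying key, not a real key id
    sig_type: int  # 0x10..0x13

def accepted(cert, min_cert_level=MIN_CERT_LEVEL):
    """Apply --min-cert-level. 0x10 makes no claim about checking and is
    always accepted; 0x11..0x13 map to levels 1..3 and must reach the minimum."""
    return cert.sig_type == GENERIC or cert.sig_type - 0x10 >= min_cert_level

def classic_validity(certs, ownertrust):
    """Classic model: every accepted cert counts the same, only the signer's
    ownertrust matters (the behaviour David describes)."""
    full = marginal = 0
    for c in filter(accepted, certs):
        trust = ownertrust.get(c.signer)
        full += trust == "full"
        marginal += trust == "marginal"
    if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
        return "full"
    return "marginal" if full or marginal else "unknown"

def weighted_validity(certs, ownertrust, weights=LEVEL_WEIGHTS):
    """Niels' proposal: discount each cert by its signature level as well as by
    the signer's ownertrust, so a lone casual cert no longer gives full validity."""
    ownertrust_weight = {"full": Fraction(1), "marginal": Fraction(1, MARGINALS_NEEDED)}
    score = Fraction(0)
    for c in filter(accepted, certs):
        score += weights[c.sig_type] * ownertrust_weight.get(ownertrust.get(c.signer), 0)
    if score >= 1:
        return "full"
    return "marginal" if score > 0 else "unknown"
```

Comparing the two functions on the same certifications shows exactly where the proposal diverges from the classic model, which is the path-compatibility concern David raises.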



