onwnertrust and trust signature (tsig) interactions [was: Re: preferring --check-sigs over --list-sigs]
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Sep 28 19:13:10 CEST 2017
On Thu 2017-09-28 15:18:09 +0200, Peter Lebbing wrote:
> It is a SHA256 trust signature issued by an RSA key. I think it's odd
> they issue a level 1 partial trust signature, but I'd guess they think
> they're doing their users a service by making it possible to
> automatically assign partial trust to all keys signed by them, if you
> want to. Don't worry, this won't happen unless you issue at least a
> level 2 trust signature to Governikus. At least, I'm fairly sure it's
> not enough to simply assign full ownertrust to Governikus, ownertrust
> and trust signatures don't interact, right?
Yes, ownertrust and trust signatures do interact.
a trust signature (tsig) made by a key that you have set ultimate
ownertrust on delegates some of that ownertrust via trust signatures.
I thought that was also true for full ownertrust, but i'm unable to
replicate it with an experimental keyring. Perhaps Werner or someone
else closer to the trust management code can comment on the expected
behavior?
--dkg
More information about the Gnupg-users
mailing list