ownertrust and trust signature (tsig) interactions

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Sep 28 20:27:13 CEST 2017


On Thu 2017-09-28 20:15:33 +0200, Peter Lebbing wrote:
> So even if the person who has my full trust tsigns some key, I would
> like to treat that signature as a regular key validating signature, and
> wouldn't want it to influence ownertrust assigned to the person holding
> that signed key.

I understand where you're coming from, and i think your interpretation
is a (very) sensible one.  And indeed, the only place that i've actually
used trust signatures (monkeysphere-authentication) uses them directly
from an ultimately-trusted key.

I hope that my own idea about them chaining from non-ultimately-trusted
keys is simply wrong :)

> When I'm trying to explain the Web of Trust here on the list, I usually
> say "don't bother with or worry about trust signatures, they're only
> used in very specific settings". If, however, they do affect the regular
> Web of Trust, I've been explaining it wrong all along.

If your interpretation is how GnuPG implements them, then the right way
to introduce/avoid them in a training is:

 * don't bother with trust signatures or worry about them.  As long as
   you don't issue any yourself, and as long as you don't assign
   ultimate ownertrust to any keys that you do not control, they won't
   have any effect on you.

that's already too complicated :(  But i agree that it's way better than
"oh yeah, and if you assign full ownertrust to someone else, then they
can trivially delegate it away at infinite depth <insert discussion
about tsig depth>" -- yikes!

hopefully we'll get some clarification (and hopefully your
interpretation matches the intended implementation)!

  --dkg
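To make the disagreement in this exchange concrete, here is a small added model (not GnuPG's trustdb code, and not from either poster) of how validity would propagate under the two readings of tsigs: Peter's, where only ultimately-trusted keys start a tsig chain, and the one dkg fears, where a key given full ownertrust can delegate onward. The key names, the `compute_validity` function and the scenario are constructed; the model ignores marginal ownertrust and the tsig trust amount and uses 255 as the maximum depth.

```python
# Toy model of the two tsig interpretations argued in the thread (an added
# illustration, NOT GnuPG's trustdb code). Simplifications: no marginal
# ownertrust, no tsig trust amount, 255 used as the maximum depth.
ULTIMATE, FULL = "ultimate", "full"

def compute_validity(ownertrust, certs, chain_from_full):
    """Return (valid_keys, introducers).

    ownertrust: {key: ULTIMATE | FULL}
    certs: list of (signer, target, depth); depth 0 is a plain
           certification, depth >= 1 is a trust signature (tsig).
    introducers: {key: remaining delegation depth}; a key with depth 0
           can still validate others but its tsigs act as plain certs.
    chain_from_full: False = only ultimately-trusted keys start a tsig
           chain; True = a key given full ownertrust may delegate onward.
    """
    full_depth = 255 if chain_from_full else 0
    intro = {k: 255 for k, t in ownertrust.items() if t == ULTIMATE}
    valid = set(intro)
    changed = True
    while changed:  # iterate to a fixpoint: validity and depth only grow
        changed = False
        for signer, target, depth in certs:
            if signer not in intro:
                continue  # only an introducer's certification confers validity
            if target not in valid:
                valid.add(target)
                changed = True
            best = -1
            if ownertrust.get(target) == FULL:  # valid key with full ownertrust
                best = full_depth
            if depth >= 1 and intro[signer] >= 1:  # tsig by a key with depth left
                best = max(best, min(depth, intro[signer] - 1))
            if best > intro.get(target, -1):
                intro[target] = best
                changed = True
    return valid, intro

# Constructed scenario: Alice (us, ultimate) gives Bob full ownertrust; Bob
# tsigns Carol at max depth; Carol tsigns Dave; Dave plainly certifies Eve.
OWNERTRUST = {"alice": ULTIMATE, "bob": FULL}
CERTS = [("alice", "bob", 0), ("bob", "carol", 255),
         ("carol", "dave", 255), ("dave", "eve", 0)]

if __name__ == "__main__":
    for chain in (False, True):
        valid, intro = compute_validity(OWNERTRUST, CERTS, chain_from_full=chain)
        print(f"chain_from_full={chain}: valid={sorted(valid)} introducers={intro}")
```

Under the first reading Bob's tsig on Carol only validates Carol, so Dave and Eve stay invalid; under the second, Carol and Dave become introducers and Eve ends up valid purely through Bob's delegation.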