[gnutls-dev] OpenPGP Keys
Simon Josefsson
simon at josefsson.org
Thu Apr 19 12:25:33 CEST 2007
Timo Schulz <twoaday at gmx.net> writes:
> Ludovic Courtès wrote:
>
>> refer to "signature packets" as found in a "transferable public key"?
>> How does it differ from a "keyring"?
>
> The trust db stores just the information how much you trust a key or
> better its owner. It does not contain any key data. OpenPGP applications
> might also store this _in_ the keyring and there is no extra file for it.
>
>
>> Then, what is "ownertrust" in RFC 2440 terms?
>
> See above. In GPG it is a value from 1 to 5 to the question:
>
> "how far you trust the owner of the key to correctly verify other keys"
>
> 1 = don't know or won't say
> 2 = do not trust
> 3 = trust marginally
> 4 = trust fully
> 5 = trust ultimate
>
> (5 is mostly useful for key pairs, other applications call it
> "implicit trust")
>
>
> I hope this explains the concept a little.
I still do not understand if this is a OpenPGP or GnuPG concept. If
it is a GnuPG concept, and there is no equivalent OpenPGP concept to
solve the same problem, I'm not sure we should use it.
However, maybe OpenCDK is already too GnuPG-specific so that we can't
really make OpenCDK non-GnuPG-specific anyway? Having more
documentation on the file formats that OpenCDK use would really help
me here.
> And I'm not exactly sure how the value is used in the openpgp
> implementation of GnuTLS. Probably a generic check to verify
> we have at least marginal trust for the peer key.
This relates to the current discussion on help-gnutls too, and it
seems safe to say that we don't know for sure what the solution will
be yet.
/Simon
More information about the Gnutls-devel
mailing list