[gnutls-dev] OpenPGP Keys
Ludovic Courtès
ludovic.courtes at laas.fr
Thu Apr 19 14:32:22 CEST 2007
Hi,
Timo Schulz <twoaday at gmx.net> writes:
> See above. In GPG it is a value from 1 to 5 to the question:
>
> "how far you trust the owner of the key to correctly verify other keys"
>
> 1 = don't know or won't say
> 2 = do not trust
> 3 = trust marginally
> 4 = trust fully
> 5 = trust ultimate
>
> (5 is mostly useful for key pairs, other applications call it
> "implicit trust")
Simon Josefsson <simon at josefsson.org> writes:
> I still do not understand if this is a OpenPGP or GnuPG concept. If
> it is a GnuPG concept, and there is no equivalent OpenPGP concept to
> solve the same problem, I'm not sure we should use it.
This seems to be a GnuPG feature [0], not an OpenPGP thing.
It tells whether you consider the owner of the public key to be a
"trusted introducer", i.e., someone who makes careful key ownership
verifications before signing somebody else's key.
This is used to estimate the trustworthiness of a certificate based on
the signatures it contains, in a pure web-of-trust fashion (see the
example in [1]).
RFC 2440 defines no such thing AFAICS. Nevertheless, this may be a
useful tool for GnuTLS, too (see the discussion on `help-gnutls').
Thanks,
Ludovic.
[0] http://www.gnupg.org/gph/en/manual.html#AEN346
[1] http://www.gnupg.org/gph/en/manual.html#AEN385
More information about the Gnutls-devel
mailing list