[gnutls-dev] OpenPGP Keys

Ludovic Courtès ludovic.courtes at laas.fr
Thu Apr 19 14:32:22 CEST 2007


Timo Schulz <twoaday at gmx.net> writes:

> See above. In GPG it is a value from 1 to 5 to the question:
> "how far you trust the owner of the key to correctly verify other keys"
> 1 = don't know or won't say
> 2 = do not trust
> 3 = trust marginally
> 4 = trust fully
> 5 = trust ultimate
> (5 is mostly useful for key pairs, other applications call it
>  "implicit trust")

Simon Josefsson <simon at josefsson.org> writes:

> I still do not understand if this is a OpenPGP or GnuPG concept.  If
> it is a GnuPG concept, and there is no equivalent OpenPGP concept to
> solve the same problem, I'm not sure we should use it.

This seems to be a GnuPG feature [0], not an OpenPGP thing.

It tells whether you consider the owner of the public key to be a
"trusted introducer", i.e., someone who makes careful key ownership
verifications before signing somebody else's key.

This is used to estimate the trustworthiness of a certificate based on
the signatures it contains, in a pure web-of-trust fashion (see the
example in [1]).

RFC 2440 defines no such thing AFAICS.  Nevertheless, this may be a
useful tool for GnuTLS, too (see the discussion on `help-gnutls').


[0] http://www.gnupg.org/gph/en/manual.html#AEN346
[1] http://www.gnupg.org/gph/en/manual.html#AEN385

More information about the Gnutls-devel mailing list