also sprach Peter Lebbing <pe...@digitalbrains.com> [2017-06-22 15:46 +0200]: > > As far as I understand, the parameters --marginals-needed and > > --completes-needed can be used to define a maximum search depth D, > > so when I ask GPG to update the trustdb WRT key 0xdeadbeef, then I'd > > envision it to > > Don't you mean > > > --max-cert-depth n > > Maximum depth of a certification chain (default is 5). > > ? I don't see how --*-needed would limit the search depth, other than > that for an actual keyset increasing them would effectively probably > decrease the actual depth.
Yeah, that too. > 1) Consider every key signature potentially valid. Construct the > graph of signatures. Discard anything that is not rooted in an > ultimately trusted key. That sounds like a worthwhile optimisation, indeed. > 3) Start at the ultimately trusted keys and consider each signature that > corresponds to an edge going out of a valid key. Check signatures until > full validity of a key is reached (or all signatures on a key have been > checked). Stop checking then; it can't become more than fully valid by > more signatures. The fact that a key has been added to the valid keys > means you now have more edges going out from a valid key; keep repeating. And so does this… -- @martinkrafft | http://madduck.net/ | http://two.sentenc.es/ "durch frauen werden die höhepunkte des lebens bereichert und die tiefpunkte vermehrt." - friedrich nietzsche spamtraps: madduck.bo...@madduck.net
digital_signature_gpg.asc
Description: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users