2008/4/15 Peter Lewis <[EMAIL PROTECTED]>: > Ah, thanks, that makes sense. And then I can sign his new UIDs too? Or just > change their trust level? You'll "have" to sign his new UIDs, too. What you could to is do issue a so called non-exportable (gpg uses the term local, iirc) signature. That means this signature is (better said should be) only recognized by the signer (you) but not by other people.
> Thanks, this is helpful. So, if I have to set the trust of other keys myself > in order to recognise them as valid, what is the function of Yes,.. but not always,.. for example gpg sets your own key automatically to an unlimited trust ;-) > the "completes-needed", "marginals-needed" and "max-cert-depth" options in my > gpg.conf file? gpg uses a so called trust modell (there ary actually several different), where you can each UID/key an specific amount of trust. You can give: n Never trust this key. m Marginally trusted. f Fully trusted. u Ultimately trusted. and you'll also see: - No ownertrust assigned / not yet calculated. e Trust calculation has failed; probably due to an expired key. q Not enough information for calculation. (I've stole that from the manpage,.. so credit should go to Werner or some of the other developers ;) ) Depending on how much you trust a user you normally give him n (e.g. your little brother who signs every key/uid without validating it, m or f and rarely perhaps even u (your wife, which you fully trust *g*.... or not). u means that you automatically recognize the key/UIDs that keyholder made as valid completes-needed specify how many trust-paths you need to a key from keys you trust fully. marginals-needed is the same for marginally trusted keys. suppose you are A and have signed following key/UIDs with following trust values: B(f) C(f) D(m) E(m) Now your gpg gets the key F, which you haven't signed yourself, but the others have, thus you'll have the following trust-paths: A->B(f)-F A->C(f)-F A->D(m)-F A->E(m)-F Suppose marginals-needed=3 and completes-needed=2: The two paths A->D(m)-F A->E(m)-F are not enough the recognize F as valid, because you'd need tree ?(m) paths, but the two other pathes are enough. (@the others,.. was that correct?) Herbert. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users