On Tuesday 15 April 2008 at 12:39:43 Herbert Furting wrote: > gpg uses a so called trust modell (there ary actually several > different), where you can each UID/key an specific amount of trust. > You can give: > n Never trust this key. > m Marginally trusted. > f Fully trusted. > u Ultimately trusted. > and you'll also see: > - No ownertrust assigned / not yet calculated. > e Trust calculation has failed; probably due to > an expired key. > q Not enough information for calculation. > > (I've stole that from the manpage,.. so credit should go to Werner or > some of the other developers ;) ) > > > Depending on how much you trust a user you normally give him n (e.g. > your little brother who signs every key/uid without validating it, m > or f and rarely perhaps even u (your wife, which you fully trust > *g*.... or not). > u means that you automatically recognize the key/UIDs that keyholder > made as valid > completes-needed specify how many trust-paths you need to a key from > keys you trust fully. > marginals-needed is the same for marginally trusted keys. > > suppose you are A and have signed following key/UIDs with following > trust values: > B(f) > C(f) > D(m) > E(m) > Now your gpg gets the key F, which you haven't signed yourself, but > the others have, thus you'll have the following trust-paths: > A->B(f)-F > A->C(f)-F > A->D(m)-F > A->E(m)-F > > Suppose marginals-needed=3 and completes-needed=2: > The two paths > A->D(m)-F > A->E(m)-F > are not enough the recognize F as valid, because you'd need tree ?(m) > paths, but the two other pathes are enough.
Thanks, that makes sense. So I guess my question is: is this a guide for me, and then I should manually set the trust level on key F myself (if I am satisfied that the chains exist), or should gpg do this automatically for me based on the parameters in my gpg.conf? It doesn't seem to be calculating anything automatically at the moment. Thanks, Pete.
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
