On Apr 25, 2009, at 6:18 PM, Raimar Sandner wrote:
On Saturday 25 April 2009 22:00:05 John W. Moore III wrote:
Raimar Sandner wrote:
In the end it is of course a people thing whether you trust a key
or not,
no mathematical model ever can replace your final decision. So
there is a
big difference in gpg saying "fully trusted" and you thinking "fully
trusted".
This is why both Owner Trust & Calculated Trust exist. One is a
mathematical result and the other is a Personal evaluation.
Well, as I understand those two are quite different. The owner trust
refers to
my personal trust in the _owner_ of a key to correctyl sign other
keys.
Yes.
The
calculated trust refers to the validity of a _key_ (and is of course
calculated based on the ownertrust values belonging to the signatures
attached to this key).
Almost. The calculated trust actually refers to the validity of a
given user ID on a given key. It is possible to have a key with
multiple user IDs, some of which are calculated to be valid, and some
of which are not.
So one is trust in a key (here gpg can give a hint) and
one is trust in people (here gpg cannot say anything). But they are
not trust
values refering to the same thing, one being my opinion and one gpg's.
Yes. The terminology can get difficult if the term "trust" is used
for both. Many people use the words "trust" (aka owner trust or
personal trust) and "validity" for these two concepts.
David
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users