On 04/24/2014 06:19 PM, Gabriel Niebler wrote:
> """
> A key on my keyring is "valid" if it is not expired or revoked.
> It is "authentic" if it bears one signature from one of my keys, or
> several signatures from other keys to which I have granted marginal
> authority to authenticate keys.
> """

I can see that "authenticity" is in some ways more appealing as a term than "validity". But i agree with Peter that trying to redefine "validity" to then mean something else is likely to be asking for trouble, given the existing established terminology.

I also wonder what term you would propose using as the opposite of "authentic". "valid" can be opposed cleanly with "invalid". Would you say "inauthentic" or "unauthenticated"? I prefer the latter term, but in that case, perhaps the positive version should be "authenticated" rather than "authentic".

Also, i think it is a problem to say a key is valid or authentic. It is not the key that is valid or authentic, it is the combination of the key and a given user ID. An OpenPGP certificate as a whole contains one master key and one or more User IDs. So the certificate itself may contain some valid/authentic <key,userid> combinations, and some invalid/unauthenticated <key,userid> combinations.

In some scenarios, you want to talk about the certificate as a whole, and sometimes people want to make assertions about the validity or authenticity of the certificate itself, even though it may be in this mixed state.

For example, when a user applies ownertrust to a given certification-capable master key, GnuPG still only relies on certifications made by that key if the certificate containing the key has at least one valid <key,userid> combination. So in some sense, GnuPG considers a certificate as a whole (and by implication, its primary key) as though it has a validity by taking the maximum of the validity of all of the certificate's user IDs.

I'm not proposing that we expose this detail to the end user, though, just laying out to the detail-oriented people on this list so that we have a common understanding.

--dkg
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
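
The per-<key,userid> validity and the certificate-level maximum described in the message above, as an added example that is not part of the original post and is not GnuPG's own code. It reads constructed records in the `gpg --with-colons` layout; the ranking of validity letters and the reading of "valid" as full or ultimate validity are assumptions of this example.

```python
# Added example: not GnuPG's code. Records below are constructed sample data
# in the `gpg --with-colons` layout (field 1 = record type, field 2 = validity,
# field 5 = key ID on pub records, field 10 = user ID on uid records).
SAMPLE = """\
pub:f:4096:1:1111111111111111:1398300000:::-:::scESC:
uid:f::::1398300000::::Alice Example <alice@example.org>:
uid:-::::1398300000::::Alice Example <alice@old.example.net>:
uid:r::::1398300000::::Alice Example <alice@revoked.example.com>:
pub:-:4096:1:2222222222222222:1398300000:::-:::scESC:
uid:-::::1398300000::::Bob Example <bob@example.org>:
uid:m::::1398300000::::Bob Example <bob@example.net>:
"""

# Assumed ordering for this example: anything that is not marginal (m),
# full (f) or ultimate (u) ranks lowest (unknown, revoked, expired, ...).
RANK = {"m": 1, "f": 2, "u": 3}


def parse_certificates(colon_text):
    """Return {primary key ID: [(user ID, validity letter), ...]}."""
    certs, current = {}, None
    for line in colon_text.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            current = fields[4]
            certs[current] = []
        elif fields[0] == "uid" and current is not None:
            certs[current].append((fields[9], fields[1] or "-"))
    return certs


def certificate_validity(uids):
    """Maximum validity over all <key,userid> combinations of one certificate."""
    return max((v for _, v in uids), key=lambda v: RANK.get(v, 0), default="-")


def has_valid_binding(uids):
    """True if at least one <key,userid> combination is fully or ultimately valid
    (assumption: "valid" here means f or u)."""
    return RANK.get(certificate_validity(uids), 0) >= RANK["f"]


if __name__ == "__main__":
    for keyid, uids in parse_certificates(SAMPLE).items():
        for uid, v in uids:
            print(f"{keyid}  {v}  {uid}")
        print(f"{keyid}  certificate-level validity: {certificate_validity(uids)}, "
              f"has valid binding: {has_valid_binding(uids)}")
```

The first constructed certificate is in the mixed state the message describes: one valid binding, one unauthenticated and one revoked, yet the certificate-level value is `f`.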