Daniel Kahn Gillmor [2017-02-15 13:46:13-05] wrote:

> right, so your use of "trust-model direct" switches the meaning of the
> "trust" flag from its usual "ownertrust" semantics to be what we'd
> normally call "validity".
>
> Note also that when you mark a key itself as "trusted" in this way,
> you're asking GnuPG to treat *all* user IDs on it as valid.
> So if the keyholder updates their key at some point in the future to
> add a new User ID, your GnuPG installation is going to blindly accept
> that User ID as legitimate.

Yes. I have also considered (and used a little) local signatures for the
same use case: local-sign a key after checking it on a web page or in a
tofu-like manner. A local signature can obviously validate only selected
user IDs, but so far I've concluded that signatures are too strong a
statement for not really checked "seems ok" keys. I know that there are
certification levels (like "--default-cert-level 1") but it's just simpler
to use "trust-model direct" and define the level directly. Changing the
decision later is also easier.

> please be aware that if you switch from "trust-model direct" to
> "trust-model tofu+pgp", then your previous assignments of "trust" will
> transform into indications of "ownertrust".

That has been my assumption. Thanks for verifying.

-- 
/// Teemu Likonen - .-.. <https://keybase.io/tlikonen>
// // PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///
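The distinction the thread turns on (per-key "ownertrust" in field 9 of a `pub` record versus per-user-ID "validity" in field 2 of each `uid` record) is visible in `gpg --list-keys --with-colons` output. The following is an added example, not code from the thread or from GnuPG: a small parser for that colon-separated format that reports which user IDs on a key are not fully valid, plus a helper that writes the `FINGERPRINT:LEVEL:` lines accepted by `gpg --import-ownertrust`. The listing embedded in the script is constructed (dummy fingerprints, example.org names) and only mimics the record layout; the numeric ownertrust levels (2 unknown, 3 never, 4 marginal, 5 full, 6 ultimate) are assumed from the trustdb conventions. Which validity GnuPG actually assigns under `--trust-model direct` or after `--lsign-key` is up to gpg; run the parser on real output from `gpg --list-keys --with-colons` to see it.

```python
"""Separate per-key ownertrust from per-UID validity in gpg --with-colons output.

Added example for the gnupg-users thread above; not GnuPG's own code.
SAMPLE is a constructed listing with dummy fingerprints, not real gpg output.
"""
from dataclasses import dataclass, field

# Validity codes used in field 2 of pub/uid/sub records (from gpg's DETAILS doc).
VALIDITY = {
    "o": "unknown", "i": "invalid", "d": "disabled", "r": "revoked",
    "e": "expired", "-": "unknown", "q": "undefined", "n": "never",
    "m": "marginal", "f": "full", "u": "ultimate",
}

# Numeric levels written by --export-ownertrust / read by --import-ownertrust.
# Assumed mapping from trustdb conventions: 2 unknown, 3 never, 4 marginal,
# 5 full, 6 ultimate.
OWNERTRUST_LEVEL = {"-": 2, "n": 3, "m": 4, "f": 5, "u": 6}


@dataclass
class Key:
    keyid: str
    fingerprint: str = ""
    ownertrust: str = "-"                    # field 9 of the pub record
    uids: list = field(default_factory=list)  # [(user id, validity code)]


def parse_colons(listing: str) -> list:
    """Parse pub/fpr/uid records into Key objects; other record types are skipped."""
    keys, cur = [], None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            cur = Key(keyid=f[4], ownertrust=f[8] or "-")
            keys.append(cur)
        elif f[0] == "fpr" and cur is not None and not cur.fingerprint:
            # First fpr after pub is the primary key; later ones belong to subkeys.
            cur.fingerprint = f[9]
        elif f[0] == "uid" and cur is not None:
            # gpg escapes ':' inside user IDs as \x3a.
            cur.uids.append((f[9].replace("\\x3a", ":"), f[1]))
    return keys


def uids_not_fully_valid(key: Key) -> list:
    """User IDs whose validity is neither full nor ultimate."""
    return [uid for uid, v in key.uids if v not in ("f", "u")]


def ownertrust_lines(assignments: dict) -> str:
    """Build --import-ownertrust input ('FPR:LEVEL:' per key) from {fingerprint: code}."""
    out = []
    for fpr, code in assignments.items():
        if len(fpr) != 40 or code not in OWNERTRUST_LEVEL:
            raise ValueError(f"bad assignment {fpr!r}:{code!r}")
        out.append(f"{fpr.upper()}:{OWNERTRUST_LEVEL[code]}:")
    return "\n".join(out) + "\n"


def summarize(keys: list) -> list:
    """One human-readable line per key: ownertrust plus any not-fully-valid UIDs."""
    lines = []
    for k in keys:
        weak = uids_not_fully_valid(k)
        lines.append(f"{k.fingerprint} ownertrust={VALIDITY.get(k.ownertrust, k.ownertrust)}"
                     f" not-fully-valid-uids={weak}")
    return lines


# Constructed sample. Key 1 mimics a key whose trust was set on the key itself
# (every UID shows 'f'); key 2 mimics a key with one locally certified UID and
# one later-added UID that nobody certified ('-').
SAMPLE = """\
tru::1:1487180773:0:3:1:5
pub:f:4096:1:0123456789ABCDEF:1408352096:::f:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:f::::1408352096::AAAA::Alice Example <alice@example.org>::::::::::0:
uid:f::::1487180000::BBBB::Alice Example <alice@example.net>::::::::::0:
sub:f:4096:1:FEDCBA9876543210:1408352096::::::e::::::23:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
pub:-:4096:1:1111222233334444:1408352096:::-:::scESC::::::23::0:
fpr:::::::::1111222233334444111122223333444411112222:
uid:f::::1408352096::CCCC::Bob Example <bob@example.org>::::::::::0:
uid:-::::1487180000::DDDD::Bob Example <bob@example.com>::::::::::0:
"""

if __name__ == "__main__":
    for line in summarize(parse_colons(SAMPLE)):
        print(line)
    print(ownertrust_lines({"0123456789ABCDEF0123456789ABCDEF01234567": "f"}), end="")
```

To check a real keyring, pipe `gpg --list-keys --with-colons` into `parse_colons`; a key with ownertrust set but a UID reported as `-` in the `uid` record is the situation Daniel describes only if you are not on `trust-model direct`, since under that model the ownertrust value is what gpg reports as validity for every UID.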
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users