On Sat 2017-02-25 07:23:39 -0500, Michal Novotny wrote: > I have got a trustdb that gives the following output on --check-trustdb: > > gpg: public key of ultimately trusted key 3ADE2987ABBFDB66 not found > gpg: public key of ultimately trusted key 831FE43EDDD16F3D not found > gpg: marginals needed: 3 completes needed: 1 trust model: pgp > gpg: depth: 0 valid: 6468 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 6468u > gpg: next trustdb check due at 2021-01-18
I don't know about the size change of the trustdb.gpg -- hopefully someone else can weigh in on that. But i want to point out that 6468 ulimately-trusted keys is a *very* unusual arrangement. any one of these keys can certify any other key and gpg will rely on those certifications. You should think of ultimate ownertrust in the same way that you think of adding a new root CA to your X.509 certificate validation stack (e.g. for your web browser). Anyone with this capacity can pretty easily inject itself in your communications stream by adding OpenPGP public keys ("OpenPGP certificates") that your tools will happily believe are valid for the identities they claim. I'm not saying that this is *never* what anyone would want to do, but i've never seen a use case present itself where this was what the user actually wanted to enable > 6K parties to be able to do. Regards, --dkg
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users