Hello, On 09/05/2017 12:58 AM, Mario Castelán Castro wrote:
Are the trust models “classical” and “pgp” as implemented in GNU PG documented anywhere?
As far as I know, not really. Certainly not in the OpenPGP RFCs. RFC4880 and its predecessors never defined any trust model, they only defined some “tools” that can be used by a trust model (such as the different certification types or the trust signature packet). But the trust models themselves are left to the implementors.
I seem to remember that someone on the IETF OpenPGP mailing-list evoked the idea of writing a complementary, informational RFC to describe routinely used trust models, but I don’t think it has ever been done.
As for the “classic” and “pgp” trust models as used by GnuPG, very briefly:In the “classic” trust model, GnuPG determines whether a given non-expired, non-revoked OpenPGP public key is valid by looking at the signatures (“certifications”) carried by that key. The key is fully valid, marginally valid, or of unknown validity depending on the number of certifications emitted by trusted keys in the user’s keyring.
The key aspect of the “classic” trust model is that it only determines the *validity* of a key. *Ownertrust* (the value associated with a key and which indicates if certifications emitted by that key are taken into account) is always manually set by the user. (This is something that is frequently misunderstood.) A “classic” signature only means something like “I certify that this key belongs to its stated owner”.
By contrast, in the “pgp” trust model, users can emit “trust signatures”, which carry both validity and ownertrust information. A trust signature means “I certify that this key belongs to its stated owner *and* I regard its owner as trustworthy.”
To illustrate the difference, let’s consider the following (from the point of view of Alice):
a) Alice signs Bob’s key and fully trusts Bob; b) Bob signs Carol’s key and fully trusts Carol; c) Carol signs David’s key.In the “classic” trust model, only Bob’s and Carol’s key are valid (Bob’s key because it is signed by Alice’s own key, and Carol’s key because it is signed by Bob’s key, which Alice fully trusts). But David’s key is of unknown validity because Alice never assigned an ownertrust value to Carol’s key. The fact that Bob fully trusts Carol is irrelevant; actually, Alice does not even know that Bob fully trusts Carol.
In the “pgp” trust model, and assuming that Alice and Bob emitted trust signatures instead of simple signatures (I ignore, for simplicity’s sake, the notion of trust depth and the possibility to assign marginal ownertrust), Carol’s key has full ownertrust in the eyes of Alice even though Alice never explicity assigned an ownertrust value to it. Consequently, David’s key is valid.
Obviously there would be much more to describe, but I hope the above helps a little bit.
For what it’s worth, I wrote a document attempting to describe more thoroughly the various trust models used by GnuPG (including the new TOFU models) [1]. Unfortunately, it’s in French. :( I wanted to write an English version but never found the time nor the motivation…
Damien [1] https://incenp.org/dvlpt/docs/confiance-openpgp.html
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
