On 2021-10-25 at 15:12 +0200, Neal H. Walfield wrote:
> This absolutely makes sense. One way to model this in the web of
> trust is to imagine that you have a "WKD key," which you consider a
> partially trusted introducer, and which certifies keys that you
> retrieve via WKD. Practically, it's a
Hi Phil,
On Fri, 22 Oct 2021 17:00:11 +0200,
Phil Pennock via Gnupg-users wrote:
> When evaluating the trust we have in the identity attached to a key, I
> often see "WARNING: We have NO indication whether the key belongs to the
> person named as shown above"; at the same time, `--with-key-origin`
Hi Phil,
Am Freitag 22 Oktober 2021 17:00:11 schrieb Phil Pennock via Gnupg-users:
> I think what I _want_ is `trust-model pgp+federated+tofu`, which means,
> in order: (1) any sigs from the WoT; (2) origin information from the
> key, if the origin shows the key was safely retrieved from a federat
Folks,
When evaluating the trust we have in the identity attached to a key, I
often see "WARNING: We have NO indication whether the key belongs to the
person named as shown above"; at the same time, `--with-key-origin` for
the very same key will show "origin=wkd".
GnuPG uses the trust-model optio
