David Shaw on Thu, 26 Dec 2002 15:30:32 -0500 |
On Thu, Dec 26, 2002 at 12:13:23AM -0500, Jeff Abrahamson wrote: > On Wed, Dec 25, 2002 at 06:17:02PM -0500, David Shaw wrote: > > Then do a "gpg --update-trustdb" to build your web of trust. > > Thanks for all the explanations, David. > > What's the rational for gpg then wanting to ask me so many questions > about trust when updating the trustdb? That is, it asks me how much I > trust keys that I already signed (and so indicated a trust level > then). They are two different values. The number you gave when making the signature is a "how well did I check that this key really belongs to the user named" question. It's cosmetic and does not impact any of the trust calculations. The question GnuPG asks you when you do an --update-trustdb is a "how much do you trust the named user to do a good job when signing people's keys". That is the value that is incorporated into the web of trust. When it asks you for a trust level for a key that you've signed, it's asking you if you trust a key that *that person* has signed. Anything you yourself has signed is automatically valid. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson _________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce General Discussion -- http://lists.netisland.net/mailman/listinfo/plug
|
|