David Shaw on Thu, 26 Dec 2002 15:30:32 -0500


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] gpg errors and confusion


On Thu, Dec 26, 2002 at 12:13:23AM -0500, Jeff Abrahamson wrote:
> On Wed, Dec 25, 2002 at 06:17:02PM -0500, David Shaw wrote:
> > Then do a "gpg --update-trustdb" to build your web of trust.
> 
> Thanks for all the explanations, David.
> 
> What's the rational for gpg then wanting to ask me so many questions
> about trust when updating the trustdb? That is, it asks me how much I
> trust keys that I already signed (and so indicated a trust level
> then).

They are two different values.  The number you gave when making the
signature is a "how well did I check that this key really belongs to
the user named" question.  It's cosmetic and does not impact any of
the trust calculations.  The question GnuPG asks you when you do an
--update-trustdb is a "how much do you trust the named user to do a
good job when signing people's keys".  That is the value that is
incorporated into the web of trust.

When it asks you for a trust level for a key that you've signed, it's
asking you if you trust a key that *that person* has signed.  Anything
you yourself has signed is automatically valid.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
_________________________________________________________________________
Philadelphia Linux Users Group        --       http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug