| gyoza on 29 Jul 2005 16:47:22 -0000 |
|
Eric J. Roode wrote: > gyoza@comcast.net wrote: > >> I'm curious about the "Validity" field. My key shows "Ultimate" and all >> others show "Unknown". (Trust is set to "Full" for my key and the >> others are set to "Marginal".) How is validity determined? >> > Validity is how sure you are that the key in question really really is > the key of the person that it's claimed to be associated with. You have > your secret key on hand, so it's clear that your public key is valid. > You haven't validated anyone else's key, so they're all "unknown". > > Trust is how much you trust a person's judgment in validating other > keys. For example, I strongly trust certain people to definitively > check a person's identity and public key before they'll sign (vouch for) > that person's key. If I receive a public key that I personally haven't > validated, but which (say) Walt Mankowski and Michael Toren have both > signed, I can be pretty certain that the key I have is genuine. > > GPG has no way of knowing how trustworthy a person is; it uses whatever > value you enter. Validity, on the other hand, is computed. If the > secret key is on-hand, the public key is ultimately valid. If a public > key is signed by a secret key that is on-hand, the public key is > considered valid. If the key isn't signed by you, but is signed by > three (I think) other people whose keys are known to be valid and who > are trustworthy, the key is considered valid. > OK, that helps. However, I just test signed a couple keys and the Validity didn't change even though I said I checked the key carefully. So, maybe it depends on a number of other signatures. Attachment:
signature.asc ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|