Re: [gnutls-dev] OpenPGP Keys
From: Ludovic Courtès
Subject: Re: [gnutls-dev] OpenPGP Keys
Date: Thu, 19 Apr 2007 14:32:22 +0200
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)

Hi,

Timo Schulz <address@hidden> writes:

> See above. In GPG it is a value from 1 to 5 to the question:
>
> "how far you trust the owner of the key to correctly verify other keys"
>
> 1 = don't know or won't say
> 2 = do not trust
> 3 = trust marginally
> 4 = trust fully
> 5 = trust ultimate
>
> (5 is mostly useful for key pairs, other applications call it
> "implicit trust")

Simon Josefsson <address@hidden> writes:

> I still do not understand if this is an OpenPGP or GnuPG concept. If
> it is a GnuPG concept, and there is no equivalent OpenPGP concept to
> solve the same problem, I'm not sure we should use it.

This seems to be a GnuPG feature [0], not an OpenPGP thing.

It tells whether you consider the owner of the public key to be a
"trusted introducer", i.e., someone who makes careful key ownership
verifications before signing somebody else's key.

This is used to estimate the trustworthiness of a certificate based on
the signatures it contains, in a pure web-of-trust fashion (see the
example in [1]).

RFC 2440 defines no such thing AFAICS. Nevertheless, this may be a
useful tool for GnuTLS, too (see the discussion on `help-gnutls').

Thanks,
Ludovic.

[0] http://www.gnupg.org/gph/en/manual.html#AEN346
[1] http://www.gnupg.org/gph/en/manual.html#AEN385
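
Added example, not part of the original message and not GnuPG or GnuTLS code: a simplified Python model of how the owner-trust levels listed in the thread feed a web-of-trust validity estimate. The thresholds (one fully trusted or three marginally trusted signers, path length of at most five) are the defaults described in the GnuPG handbook and are assumptions here, as are all key names and the sample data.

```python
# Owner-trust levels as enumerated in the thread (1..5).
UNKNOWN, NEVER, MARGINAL, FULL, ULTIMATE = 1, 2, 3, 4, 5

# Assumed thresholds (GnuPG handbook defaults, not stated in the message).
COMPLETES_NEEDED = 1   # signatures from fully trusted introducers
MARGINALS_NEEDED = 3   # signatures from marginally trusted introducers
MAX_CERT_DEPTH = 5     # longest allowed signature path from our own key

def valid_keys(ownertrust, signatures):
    """Return {key: depth} for every key considered valid.

    ownertrust: key -> level (1..5); keys not listed count as UNKNOWN.
    signatures: signer -> set of keys that signer has certified.
    Only signatures made by keys that are themselves valid are counted.
    """
    valid = {k: 0 for k, t in ownertrust.items() if t == ULTIMATE}
    for depth in range(1, MAX_CERT_DEPTH + 1):
        full, marginal = {}, {}
        for signer in valid:
            trust = ownertrust.get(signer, UNKNOWN)
            for target in signatures.get(signer, ()):
                if target in valid:
                    continue
                if trust in (FULL, ULTIMATE):
                    full[target] = full.get(target, 0) + 1
                elif trust == MARGINAL:
                    marginal[target] = marginal.get(target, 0) + 1
                # UNKNOWN and NEVER signers contribute nothing.
        newly = {t for t in set(full) | set(marginal)
                 if full.get(t, 0) >= COMPLETES_NEEDED
                 or marginal.get(t, 0) >= MARGINALS_NEEDED}
        if not newly:
            break
        for t in newly:
            valid[t] = depth
    return valid

# Constructed sample keyring: "me" is our own key pair (ultimate trust).
OWNERTRUST = {"me": ULTIMATE, "alice": FULL, "bob": MARGINAL,
              "carol": MARGINAL, "dave": MARGINAL}
SIGNATURES = {
    "me": {"alice", "bob", "carol", "dave"},
    "alice": {"erin"},            # one full introducer: erin becomes valid
    "bob": {"frank", "grace"},
    "carol": {"frank", "grace"},  # frank has only two marginal signatures
    "dave": {"grace"},            # grace reaches three marginal signatures
    "erin": {"heidi"},            # erin is valid but not a trusted introducer
}

if __name__ == "__main__":
    print(valid_keys(OWNERTRUST, SIGNATURES))
```

The sample shows the distinction made in the message: erin's key is valid, yet her signature on heidi's key counts for nothing because validity of a key and trust in its owner as an introducer are separate values.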