On Tue 2015-05-26 14:56:35 -0400, Mike Acker wrote: > the question to be settled is "do I trust the key?" completely? > possibly? or I have no resason to trust it at all.
No, this is *not* the question. Ownertrust and User ID Validity are two different things, and enigmail should not conflate them. Ownertrust applies to primary keys, and answers the question "am i willing to rely on identity certifications made by this key?" User ID Validity applies to <primary-key,user-id> pairings, and answers the question "do i believe that the person referred to by this User ID controls this key?" > This is related to the trust level and you derive that from the > previous signatures attached to the key -- or from your own knowlege. The "trust level" is GnuPG's "ownertrust", which is *not* derived from the certifications attached to the key. > I would sign the key if I meant to help the other party to build trust > in their key. but I don't see that I would then upload their public > key,-- I don't see how that would work unless the key-server combines my > update with whatever she already has up there.... I don't think that > happens That is exactly what happens on the keyservers. They merge certifications. > anymore than uploading a revoke key will automatically invalid the key > that I have on the server. I have to depend on the other party > checking for a revoke signature -- "AFIK" I'm having a hard time understanding what you're recommending here, or if you're reporting a problem that needs fixing. If Alice imports her revocation certificate for her key A, and then uploads the revoked key to the keyservers, then anyone who fetches key A From the keyservers (either by "gpg --refresh" or by pulling it down specifically) will see that Alice's key is revoked. > the one thing that we should not do is dilute the mechanism I don't know what this means. > I'm on Enigmain 1.8.2 using LMDE/2 MINT right now -- I can't sign a key > using ENIGMAIL; I have to use command line. I don't mind doing that by > the dialog should get fixed sometime . This sounds like a separate bug report. Please either start a new thread about it here on the mailing list, or file a bug at https://sourceforge.net/p/enigmail/bugs. Hope this helps clear things up, --dkg
signature.asc
Description: PGP signature
_______________________________________________ enigmail-users mailing list [email protected] To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
