On Sunday 26 April 2009 07:00:52 you wrote: > On Apr 25, 2009, at 6:27 PM, Raimar Sandner wrote: > > On Saturday 25 April 2009 18:27:44 Raimar Sandner wrote: > >> Hello, > >> > >> when gnupg trusts a key as a result of trustdb calculations, I > >> would like to know what the chain depth for the given key is.
> The trustdb actually doesn't store per-user ID depth values. > Rather, one of the many possible depths is stored for the key as a > whole, which is fine for our purposes, but may not give you what > you want here. Take the case of A signs B(uid1), A signs C(uid1), > and C signs B(uid2). B is thus fully valid as per B(uid1) being > signed. But B(uid2) is also valid, and at one level of depth > larger than B(uid1). B as a whole thus lives at both depth 0 and > depth 1. We store this as 1, but I think you'd want it at 0. With "we store this as 1", you mean that when B signs D(uid1), uid1 being the only uid on D, D(uid1) and thus D as a whole is regarded to be valid at level 2 (given sufficiant ownertrust of B)? I ask that because signatures are made by keys, not by uids. Gpg regards a signature to be valid, if and only if there is at least one fully valid uid on the signing key, right? Wouldn't it then be consistent to regard a key as a whole valid at level n, if it has a uid signed by a key which has at least one uid being valid at level n-1? > You can see this in action, and perhaps give you the information > you want, by doing: > > gpg -v -v --check-trustdb. Thank you, that actually helps me a lot. I didn't know the -v -v switch of --check-trustdb up to now. Raimar _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
