Dear list,

Why is changing the --min-cert-level not enough to trigger an update of the trust-db? Should it be?

Supposing a scenario in which a user is prepared to accept lower-level certifications for low value communications, but requires higher level certifications for others. At present the user can specify --min-cert-level on the command line, but the trust database itself will not be updated for the purposes of listing/editing keys, verifying signatures or encryption. The user interface can become easily out of sync with the user's explicit trust model settings.

The only solution is to explicitly order --check-trustdb. However, this creates further problems and possible security risks, because there is no guarantee that a temporary change will be reverted when the user stops specifying the --cert-level on the command line.

I suspect this is a little-used feature of gpg. On the other hand, it does look like an excellent way for the user to shoot himself in the foot without even realising it.

(Scenario to verify the problem at the end of this email)

Best wishes,
Nicholas

=================================================================

To verify problem:

1. Sign a key with a level 1 certification
2. Do gpg --min-cert-level=1 --check-db
3. Edit the key you have just signed, or try to encrypt to it, and the listing will show the uid as trusted EVEN if you do not specify the low cert level on the command line, and are therefore using the gpg default --min-cert-level=2.

This looks like a security risk to me. (problem identified with gpg 1.4.11)
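An added example, not part of the original email: a heuristic audit for the stale-validity condition described above, run over `gpg --with-colons --fixed-list-mode --list-sigs` output. The listing is constructed sample data, the function names are hypothetical, and the check only asks whether any third-party certification on a valid uid meets the minimum level; it does not evaluate the web of trust.

```python
# Added example: flag uids that gpg reports as valid although no third-party
# certification on them reaches the required --min-cert-level.
# Constructed sample listing (colon format, uid records on their own lines).
SAMPLE = """\
pub:f:2048:1:AAAAAAAAAAAAAAAA:1300000000:::-:::scESC:
uid:f::::1300000000::HASH1::Alice Example <alice@example.org>:
sig:::1:AAAAAAAAAAAAAAAA:1300000000::::Alice Example <alice@example.org>:13x:
sig:::1:CCCCCCCCCCCCCCCC:1300000100::::Me <me@example.org>:11x:
pub:f:2048:1:BBBBBBBBBBBBBBBB:1300000000:::-:::scESC:
uid:f::::1300000000::HASH2::Bob Example <bob@example.org>:
sig:::1:BBBBBBBBBBBBBBBB:1300000000::::Bob Example <bob@example.org>:13x:
sig:::1:CCCCCCCCCCCCCCCC:1300000200::::Me <me@example.org>:12x:
"""

def cert_level(sig_class):
    """Map signature class 10..13 (hex) to cert level 0..3, else None."""
    try:
        value = int(sig_class[:2], 16)
    except ValueError:
        return None
    return value - 0x10 if 0x10 <= value <= 0x13 else None

def unsupported_valid_uids(listing, min_level=2):
    """Return (keyid, uid) pairs shown as valid without a qualifying cert."""
    flagged = []
    keyid = uid = None
    levels = []

    def flush():
        # Level 0 ("no particular claim") is always accepted by gpg.
        ok = any(lvl == 0 or lvl >= min_level for lvl in levels)
        if uid is not None and not ok:
            flagged.append((keyid, uid))

    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            flush()
            keyid, uid, levels = f[4], None, []
        elif f[0] == "uid":
            flush()
            # Only audit uids listed as fully or marginally valid.
            uid, levels = (f[9] if f[1] in ("f", "m") else None), []
        elif f[0] == "sig" and uid is not None and f[4] != keyid:
            lvl = cert_level(f[10])  # self-signatures are skipped above
            if lvl is not None:
                levels.append(lvl)
    flush()
    return flagged
```

A flagged uid is a prompt to run the trust-db check again under the default minimum level, not proof that the uid is untrustworthy.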
