[Enigmail] ownertrust vs. calculated validity [was: Re: Setting trust levels for unknown keys]
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Apr 29 14:21:40 PDT 2009
On 04/29/2009 02:43 PM, Allen Schultz wrote:
> Or better yet, Faramir.cl told me to get CAcert.org's gpg key and sign
> it as it is a Certificate Authority. Then you may download a few or
> all of the GSIntroducers who have verified and signed other keys. Once
> I have done this, over half of my correspondents became Trusted.
Sorry to nit-pick here, but this terminology is pretty confusing, and i
think we owe it to ourselves to be clear. There are (at least) two
concepts that are being conflated into the term "trust", which i'll try
to distinguish.
* One thing people mean by "Trust" is probably better called
"Calculated Validity". This answers the question "Do i believe that the
key (e.g. 0x12ABCD34) used here actually belongs to the User ID (e.g.
"Joe Smith <joe at example.org>") that it claims to belong to?"
People often call this "trust" in the context of a signed message
because having full calculated validity to a given User ID lets you be
sure that a message signed by the associated key actually was written by
the person to whom the User ID refers.
Enigmail currently says "Good Signature from Joe Smith <joe at example.org>
with key ID 0x12ABCD34" in green, when there is full calculated
validity. This is good. But when there is not full calculated
validity, it simply prefixes the message with "UNTRUSTED". Instead, it
should say something like "OK Signature by Key 0x12ABCD34, which may or
may not belong to Joe Smith <joe at example.org>". Maybe it should also
use some other color in this case.
* The other thing that people mean by "Trust" is the OpenPGP concept of
"ownertrust". This answers the question "Do I expect the holder of this
key to make responsible certifications of other Keys and User IDs?"
That is, if you grant full ownertrust to key 0x12345678, whoever holds
the secret part of that key can make a certification which binds another
key (0x12ABCD34) to its associated User ID ("Joe Smith
<joe at example.org>"). Because of the grant of ownertrust, you can now
calculate full validity on the binding between "Joe Smith
<joe at example.org>" and key 0x12ABCD34, even though you've never met Joe
in person and exchanged fingerprints.
The UI that the original poster is asking about relates to ownertrust,
not to calculated validity, and is therefore *not* directly unrelated to
the "UNTRUSTED" label applied in the message view pane. If enigmail
(and other OpenPGP tools) could stop using the word "trust" altogether, i
think it would be a good thing, since the word is so
confused/confusing/ambiguous due to its multiple meanings.
--dkg
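
Added example, not part of the original message and not Enigmail or GnuPG code: a simplified Python model of how ownertrust on a certifier's key feeds the calculated validity of another key's User ID binding. The thresholds (1 fully trusted or 3 marginally trusted certifiers) are assumed from GnuPG's classic trust model defaults, the certification depth limit is omitted, and the key 0xAAAA0001 and the Introducer and Carol User IDs are constructed.

```python
FULL, MARGINAL, UNKNOWN = "full", "marginal", "unknown"

def calculated_validity(certs, ownertrust, me, completes=1, marginals=3):
    """certs: {(key_id, user_id): set of certifying key IDs}
    ownertrust: {key_id: FULL or MARGINAL}, assigned by the local user
    Returns {(key_id, user_id): FULL, MARGINAL or UNKNOWN}."""
    validity = {}
    valid_keys = {me}            # keys carrying at least one fully valid User ID
    changed = True
    while changed:               # repeat until no binding changes level
        changed = False
        for binding, signers in certs.items():
            # A certification only counts if the certifier's own key is valid.
            usable = [s for s in signers if s in valid_keys]
            full = sum(ownertrust.get(s) == FULL for s in usable)
            marg = sum(ownertrust.get(s) == MARGINAL for s in usable)
            if me in usable or full >= completes or marg >= marginals:
                level = FULL
            elif full or marg:
                level = MARGINAL
            else:
                level = UNKNOWN
            if validity.get(binding) != level:
                validity[binding] = level
                changed = True
            if level == FULL:
                valid_keys.add(binding[0])
    return validity

# Constructed sample data; the two key IDs below are the ones used in the message.
ME = "0xAAAA0001"                # constructed local key
INTRODUCER = "0x12345678"
JOE = ("0x12ABCD34", "Joe Smith <joe at example.org>")
CAROL = ("0xBBBB0002", "Carol <carol at example.org>")   # constructed
CERTS = {
    (INTRODUCER, "Introducer <intro at example.org>"): {ME},  # I certified it
    JOE: {INTRODUCER},           # certified only by the introducer
    CAROL: {JOE[0]},             # certified only by Joe
}

if __name__ == "__main__":
    for trust in ({}, {INTRODUCER: MARGINAL}, {INTRODUCER: FULL}):
        result = calculated_validity(CERTS, trust, ME)
        print(trust, "-> Joe:", result[JOE], "| Carol:", result[CAROL])
```

Carol's binding stays at unknown validity in every case: Joe's key becoming fully valid does not give Joe ownertrust, which is the distinction the message draws.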