X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=website%2Ftrust-models.mdwn;h=789e3a3712174ee3103fbd25191e7a4d39ef5df0;hb=98dbe4834e52014acd968b96b9ad5f7dce9aa1af;hp=c8dd93615a34537167a007a995698c4a245622bb;hpb=ce0edf8415c4bdc913c0bc4a2bf592654f467206;p=monkeysphere.git diff --git a/website/trust-models.mdwn b/website/trust-models.mdwn index c8dd936..789e3a3 100644 --- a/website/trust-models.mdwn +++ b/website/trust-models.mdwn @@ -6,11 +6,11 @@ Monkeysphere relies on GPG's definition of the OpenPGP web of trust, so it's important to understand how GPG calculates User ID validity for a key. -The basic question asked is: For a given User ID on a specific key, -given some set of valid certifications (signatures), and some explicit -statements about whose certifications you think are trustworthy -(ownertrust), should we consider this User ID to be legitimately -attached to this key (a "valid" User ID)? +The basic question that a trust model tries to answer is: For a given +User ID on a specific key, given some set of valid certifications +(signatures), and some explicit statements about whose certifications +you think are trustworthy (ownertrust), should we consider this User +ID to be legitimately attached to this key (a "valid" User ID)? It's worth noting that there are two integral parts in this calculation: 
@@ -62,9 +62,9 @@ validity*: * Given that: - * the key itself is valid, in the first narrow sense used above, and - * given the UserID's set of cryptographically-correct certifications, and - * given your personal subjective declarations about who you trust to make certifications (and *how much* you trust them to do this), + * the key itself is valid, in the first narrow sense used above, and + * given the UserID's set of cryptographically-correct certifications, and + * given your personal subjective declarations about who you trust to make certifications (and *how much* you trust them to do this), is this User ID bound to its key with an acceptable trust path? @@ -85,7 +85,7 @@ These colon-delimited records say (in order): * `1`: uses new "PGP" trust model (0 would be the "Classic trust model") -- see below * `1220401097`: seconds since the epoch that I created the trust db. * `1220465006`: seconds after the epoch that the trustdb will need to be rechecked (usually due to the closest pending expiration, etc) - * `3`: Either 3 certifications from keys with marginal ownertrust are needed for full User ID+Key validity + * `3`: Either 3 certifications from keys with marginal ownertrust ... * `1`: Or 1 certification from a key with full ownertrust is needed for full User ID+Key validity * `5`: `max_cert_depth` (i'm not sure exactly how this is used, though the name is certainly suggestive)
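Review bot: In the @@ -6,11 +6,11 hunk, the reworded sentence introduces "a trust model" without tying it to the context line just above, which speaks of "how GPG calculates User ID validity for a key", so the reader has to infer that the two are the same thing. Consider making the link explicit in the new sentence, or adding a short definition of "trust model" before it. The paragraph is also re-wrapped in full for a change of a few words, which makes the hunk harder to review than a minimal edit would be.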
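Review bot: In the @@ -62,9 +62,9 hunk, the three sub-bullets under "Given that:" are removed and re-added with the same text as shown here, so this reads as an indentation-only change, yet the wording issues on those lines are carried over: the second and third bullets repeat "given" after the "Given that:" lead-in, and "UserID" differs from the "User ID" spelling used in the closing question of the same hunk. Since the lines are being touched anyway, drop the redundant "given" and use "User ID" throughout. If the change is meant to be whitespace only, the commit message should say so.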
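Review bot: In the @@ -85,7 +85,7 hunk, the "3" bullet now ends in "..." and no longer states what the three marginal certifications are needed for, so the entry only makes sense when read together with the "1" bullet that follows. For a field-by-field description of the record, each bullet should stand alone: either keep the original clause "are needed for full User ID+Key validity" or rephrase both bullets as "number of certifications from keys with marginal (or full) ownertrust needed for full User ID+Key validity". The surrounding context lines also mix "seconds since the epoch" with "seconds after the epoch" and leave "max_cert_depth" described as "i'm not sure exactly how this is used"; both are worth resolving in the same pass, since readers rely on this page to interpret validity decisions.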