Description
Hi,

thanks for the quick answers. So my problem was confusion between Key-validity and UserID-validity. I wasn't aware of --fixed-list-mode when I did the testing here. So the standard output from gpg is the key validity.

When does gpg use UserID-validity to decide if the Web-Of-Trust is strong enough and when is Key-validity used as a criterion? Is there other documentation about this than the source code? The privacy handbook does not talk about UserID-validity. It only mentions Key-validity...

BTW: There is a tiny small bug in the Privacy Handbook. The last row in the table (underneath Figure 3-1) explaining what validity you get depending on the defined owner trust is missing the entry 'Dharma' in the last column.
<http://www.gnupg.org/gph/en/manual.html#AEN385>

We are doing a bit of research here since we are going to publish a little info bulletin for our users on how the WoT is working and especially what the heck the 'ownertrust' is good for and why someone might assign it to some keys....how the relation between ownertrust and validity is and how to read the statistics that --update-trustdb is producing.

I guess you can close the call. :-)

Thanks
Reimer

On Wed, Jun 11, 2003 at 04:39:07PM +0200, dshaw@jabberwocky.com wrote:
> Subject: Re: gnupg/172
> Date: Wed, 11 Jun 2003 16:39:07 +0200
>
> Synopsis: Web-of-Trust possibly wrong validity assignment/calculation for multiple UserIDs when primary UserID is changed
>
> State-Changed-From-To: open->feedback
> State-Changed-By: dshaw
> State-Changed-When: Wed, 11 Jun 2003 16:38:57 +0200
> State-Changed-Why:
> When you add a new user ID to a key that has some validity
> from an existing user ID, the validity of the key remains
> the same (as the overall key validity is still set from the
> most-valid user ID). The new user ID has no validity, so
> does not impact this.
>
> It is important to note that the validity from the old user
> ID is *not* transferred to the new user ID. If you do
> --list-keys --with-colons --fixed-list-mode you can see the
> validity values for each user ID individually to confirm this.
>
> Unfortunately the web of trust does require you to get a
> whole new set of signatures when you make a new user ID..

Kind Regards
Reimer Karlsen
DFN-Policy-CA Team

--
DFN -- The German National Research and Education Network (NREN)
Dipl.Inf. Reimer Karlsen         e: karlsen@dfn-pca.de
DFN-CERT GmbH                    w: http://www.dfn-pca.de/
Department DFN-PCA               p: +49.40.808077555 (switchboard)
Heidenkampsweg 41                p: +49.40.808077615 (direct line)
D-20097 Hamburg, Germany         f: +49.40.808077556 (fax)
PGP Key-ID: 0x1A9E4B95 (RSA legacy, 2048 bit)
PGP-Fingerprint: A6 9E 4F AF F6 C7 2C B8 DA 72 F4 5E B4 A4 F0 66
Fix
Unknown
Release Note
Answer: The userID-Validity is used if the key was specified using the User ID; the key validity is used when there is no way to see what user ID was used - either by giving the keyID as recipient or when verifying a signature.
GPH bug put into GPH's TODO
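
The difference between key validity and per-user-ID validity discussed in this report, as an added example (not part of the original report or of GnuPG): a Python parser for `--list-keys --with-colons --fixed-list-mode` output that reports user IDs whose own validity is below the overall key validity. The sample listing, key IDs and names are constructed; the field positions used are those of GnuPG's colon format (field 2 validity, field 5 key ID, field 10 user ID).

```python
# Added example. SAMPLE is constructed, not captured from a real keyring.
# It models the case from the report: an old user ID with full validity and
# a newly added user ID that has no validity of its own.
SAMPLE = """\
pub:f:2048:1:AAAAAAAAAAAAAAAA:1055000000:::-:::scESC:
uid:f::::1055000000::::Alice Example <alice@old.example>:
uid:-::::1055300000::::Alice Example <alice@new.example>:
sub:f:2048:1:BBBBBBBBBBBBBBBB:1055000000::::::e:
"""

# Ordering of the calculated-validity letters; anything else (unknown,
# undefined, invalid, revoked, expired, empty) is treated as rank 0 here.
RANK = {"n": 1, "m": 2, "f": 3, "u": 4}


def parse_validity(colon_output):
    """Return {key_id: {"key": validity, "uids": [(user_id, validity), ...]}}."""
    keys, current = {}, None
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) >= 5:
            # Field 2 of the pub record is the overall key validity.
            current = keys.setdefault(f[4], {"key": f[1], "uids": []})
        elif f[0] == "uid" and current is not None and len(f) >= 10:
            # With --fixed-list-mode every user ID has its own uid record.
            # The user ID string is backslash-escaped by gpg; not decoded here.
            current["uids"].append((f[9], f[1]))
    return keys


def weaker_uids(colon_output):
    """List user IDs whose validity is lower than the key validity."""
    findings = []
    for key_id, rec in parse_validity(colon_output).items():
        for user_id, validity in rec["uids"]:
            if RANK.get(validity, 0) < RANK.get(rec["key"], 0):
                findings.append((key_id, user_id, validity, rec["key"]))
    return findings


if __name__ == "__main__":
    for key_id, user_id, uid_val, key_val in weaker_uids(SAMPLE):
        print(f"{key_id}: key validity '{key_val}', "
              f"but user ID '{user_id}' has validity '{uid_val}'")
```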