To implement a CA structure with intermediates we need to have the structure:
Root CA -> Is configured on the system as trusted-key
The Root CA then signs the Intermediate CA as trusted introducer.
Then the CA can sign client certificates without having to set "Ownertrust" in the client because the client already has the ownertrust value because of the trusted introducer signature.
GnuPG already supports this but at some point we would like to have support in the GUI.