Heiko Schaefer suggested to me that there were some strange things happening in GnuPG's "Web of Trust" calculations.
Running the above script we see:
$ ./wot-strangeness
: Alice trust-signs Bob with full (depth 2)
: Bob trust-signs Carol with full (depth 1)
: Bill trust-signs Carol with marginal (depth 1)
: Carol certifies Dave
Alice's view of Dave:
pub   ed25519 2025-04-16 [SC] [expires: 2028-04-15]
      A4D12801C5F7AA0F815B04B1207C982395DCA708
uid           [  full  ] Dave
: Alice trust-signs Bill with marginal (depth 2)
Alice's revised view of Dave:
pub   ed25519 2025-04-16 [SC] [expires: 2028-04-15]
      A4D12801C5F7AA0F815B04B1207C982395DCA708
uid           [marginal] Dave
$
Specifically: Alice tsigning Bill *reduces* her confidence in the validity of Dave's certificate. How is it possible that adding a trust-signature would reduce validity?
Before that final tsign, the graph looks like this:
      ⓕ2      ⓕ1
Alice —→ Bob —→ Carol → Dave [full]
                🡕ⓜ1
              Bill
and Dave's certificate is considered fully valid.
But after Alice adds the marginal tsig to Bill, Dave's certificate is only marginally valid:
      ⓕ2      ⓕ1
Alice —→ Bob —→ Carol → Dave [marginal]
  ⓜ2 🡖        🡕ⓜ1
        Bill
What's going on here? Is there something I'm misunderstanding about how GnuPG evaluates marginal trust signatures?
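For comparison, here is the monotone behaviour one would expect from trust signatures on the two graphs above, written as an added illustration (this is neither the post's wot-strangeness script nor GnuPG's trustdb code): a simplified model with GnuPG's default thresholds (one full or three marginal certifications), which assumes that only fully valid keys may act as introducers and that a delegated trust level is capped by the delegating key's own level. In this model, adding Alice's marginal tsig on Bill can only add votes, so Dave's validity stays full.

```python
# Added example (not from the post): a simplified, monotone model of
# trust-signature validity using GnuPG's default thresholds.  It shows
# what one would expect for the graphs above; GnuPG's actual output differs.
FULL, MARGINAL, UNKNOWN = "full", "marginal", "unknown"
COMPLETES_NEEDED, MARGINALS_NEEDED, MAX_DEPTH = 1, 3, 5   # GnuPG defaults

# Constructed certifications: (signer, subject, tsig level, tsig depth);
# level None is a plain (non-trust) certification.
BEFORE = [("Alice", "Bob", FULL, 2), ("Bob", "Carol", FULL, 1),
          ("Bill", "Carol", MARGINAL, 1), ("Carol", "Dave", None, 0)]
AFTER = BEFORE + [("Alice", "Bill", MARGINAL, 2)]

def combine(votes):
    """Fold full/marginal votes from trusted introducers into a validity."""
    fulls = votes.count(FULL)
    margs = votes.count(MARGINAL)
    if fulls >= COMPLETES_NEEDED or margs >= MARGINALS_NEEDED:
        return FULL
    return MARGINAL if margs else UNKNOWN

def validity(certs, root, target):
    """Validity of `target` from `root`'s point of view.
    introducers: key -> (trust level, remaining depth) earned via tsigs.
    Simplification (assumption): only fully valid keys may introduce."""
    introducers = {root: (FULL, MAX_DEPTH)}
    valid = {root: FULL}
    for _ in range(len(certs) + 1):          # iterate to a fixed point
        changed = False
        for key in {s for _, s, _, _ in certs if s != root}:
            votes, grants = [], []
            for signer, subj, level, depth in certs:
                if subj != key or signer not in introducers:
                    continue
                s_level, s_depth = introducers[signer]
                if s_depth < 1:              # signer may not introduce
                    continue
                votes.append(s_level)
                if level is not None:        # delegation, capped by signer
                    lvl = MARGINAL if MARGINAL in (level, s_level) else FULL
                    grants.append((lvl, min(depth, s_depth - 1)))
            v = combine(votes)
            if v != UNKNOWN and valid.get(key) != v:
                valid[key], changed = v, True
            if v == FULL and grants:
                lvl = FULL if any(g == FULL for g, _ in grants) else MARGINAL
                best = (lvl, max(d for _, d in grants))
                if introducers.get(key) != best:
                    introducers[key], changed = best, True
        if not changed:
            break
    return valid.get(target, UNKNOWN)
```

Running `validity(AFTER, "Alice", "Dave")` returns "full" in this model, where the GnuPG run above reports marginal.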