Re: [GPGrelay-Talk] v0.956 pre-release - Sign Flag

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi dynacore//.tSCc.,

On Mon, 14 Feb 2005 20:26:54 +0100 (2:26 PM here), dynacore//.tSCc.
[dt] wrote in <mid:007301c512cd$ef544480$f9d255d9@tesla>:

>> This was not happening with GPGrelay 0.955 and GPG 1.2.7. Shouldn't
>> local (non-exportable) signatures hide this red flag?

dt> They shouldn't show. And actually they don't show with my setup
dt> (also using GPG1.4.0a, Classic Trust Model).

Hmmm ... they do show here.

dt> Did you do a "Reload Keyring"?

Many times.

dt> Maybe you should try "gpg.exe --check-trustdb --batch" before.

This didn't seem to make any difference.

dt> What do you see as "Calculated Trust" for the UserIDs in the
dt> Keydialog of such keyrules?

I've tried looking at your key using both the Classic Trust Model and
the PGP Trust Model.

It shows:

"Calculated Trust: Unknown (this key is new to the system)"

Of course, we know that isn't true since we've corresponded for quite
some time. :)

Some minutes later .... after testing many things ...

This is what I have been doing when I receive a new key:

I sign all user IDs locally answering (1) in the dialog below. The
only people where I answer differently (3) are GSWot notaries and
friends or co-workers whose identity I am 100% positive of.

=====GPG MENU
How carefully have you verified the key you are about to sign actually
belongs to the person named above? If you don't know what to answer,
enter "0".

   (0) I will not answer. (default)
   (1) I have not checked at all.
   (2) I have done casual checking.
   (3) I have done very careful checking.
=====

Under Trust, I answer (5) for my own keys and the GSWoT main key. I
answer (4) FOR GSWoT notaries because they are required to check
documents. For all others I answer (1) because I really don't know
other people's methods of verifying others.

=====GPG MENU
Please decide how far you trust this user to correctly verify other
users' keys (by looking at passports, checking fingerprints from
different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu
=====

Under GPG 1.2.5 thru 1.2.7 and GPGrelay 0.955 I did not see red
exclamation marks (!) in the Keyrules window.

With GPG 1.4.0 and 1.4.1rc1 I do see exclamation marks. However, if I
sign a key either locally or as exportable using a value of (2) the
exclamation mark is gone. GPGrelay now says "Calculated Trust: The key
is full trusted".

Perhaps I am misunderstanding the purpose of the red exclamation mark
(!). I thought that it meant that a key had not been signed.
Apparently it means it is signed (either locally or as exportable) and
trusted with at least "(2) I have done casual checking".

GPGrelay didn't used to behave this way under 0.955.

- --
Kevin Coates
Dewitt, NY  USA

Using GPGrelay v0.956 under Windows XP 5.1.2600 SP2
________________________________________________________________
-----BEGIN PGP SIGNATURE-----

iD8DBQFCEWtAvZSrVDqOXK0RAnfqAKC2prMNuUn6Cl6UAQN/Q4ArfZvEXwCeMfiS
WngcHSXo8d7bZxiuvPudXBQ=
=VSt3
-----END PGP SIGNATURE-----