diff options
Diffstat (limited to '')
| -rw-r--r-- | src/content/docs/guides/openpgp-trust-manage.md | 35 |
1 files changed, 31 insertions, 4 deletions
diff --git a/src/content/docs/guides/openpgp-trust-manage.md b/src/content/docs/guides/openpgp-trust-manage.md index 74989ed..d7749d6 100644 --- a/src/content/docs/guides/openpgp-trust-manage.md +++ b/src/content/docs/guides/openpgp-trust-manage.md @@ -29,7 +29,10 @@ user's confidence in the key owner's ability to vouch for others. This distinction allows users to build personalized and scalable Web of Trust models without relying heavily on external signatures or centralized authorities. + + Typical trust levels include: + - **Unknown**: No trust decision has been made. - **None**: The key owner is not trusted to certify other keys. - **Marginal**: The key owner is partially trusted. @@ -41,6 +44,24 @@ By using Owner Trust, users can securely manage communication without requiring constant updates from key servers, maintaining both simplicity and control over their trust network. +### Setting Owner Trust + +GpgFrontend makes it easy to manage Owner Trust levels for any key in your +collection directly from the Key Toolbox. + +To change the Owner Trust level: + +1. Locate the Key: Find the desired public key (or key group) in the Key Toolbox + table. +2. Open the Context Menu: Right-click on the key entry to display the context + menu. +3. Set Owner Trust Level: Select the “Set Owner Trust Level” option. + +A dialog will appear allowing you to choose the appropriate trust level +(Unknown, None, Marginal, Full, Ultimate). + + + ## Signing UIDs and Current Limitations In GpgFrontend, users can sign the UID (User ID) of another user’s OpenPGP @@ -48,7 +69,10 @@ public key to confirm its authenticity. However, during the initial design phase, the potential need to synchronize these signatures with key servers was not fully considered. + + Currently: + - GpgFrontend does not automatically upload signed UIDs to OpenPGP key servers. - Whether a signature update is accepted depends entirely on the specific key server’s policy. @@ -56,22 +80,26 @@ Currently: Reasons for not enforcing automatic synchronization: Uncontrollable Behavior of Key Servers + - Different servers (e.g., keys.openpgp.org, SKS servers) have varied policies regarding third-party signatures. - Some servers accept them; others require UID validation or reject them - altogether. + altogether. Potential Key Size Inflation + - Each additional signature increases the public key’s size. - Frequent uploads of third-party signatures would cause key bloat, impacting - synchronization and performance. + synchronization and performance. + +Practical User Behavior -3. Practical User Behavior - Most users verify fingerprints manually and rely on Owner Trust. - Synchronizing all third-party signatures to public servers is often unnecessary for typical use cases. ## Special Considerations for Organizational Users + In organizational environments (e.g., large enterprises), simple Owner Trust is often inadequate. In these cases, a Certificate Authority (CA)-based trust model is used: @@ -93,4 +121,3 @@ future development may consider it based on user demand. third-party signatures. - Explore the implementation of organizational trust models such as CA-based signature management and certificate presentation. - |