Diffstat
-rw-r--r-- doc/ChangeLog 6
-rw-r--r-- doc/DETAILS 6
-rw-r--r-- doc/gpg.sgml 48
3 files changed, 58 insertions, 2 deletions
diff --git a/doc/ChangeLog b/doc/ChangeLog
index a1883492e..6de38829c 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,9 @@
+2005-12-20 Werner Koch <[email protected]>
+
+ * gpg.sgml (trust-model): Document "auto" and the "pka" variants.
+ (keyserver-options): Document "auto-pka-retrieve".
+ (allow-pka-lookup): Document.
+
2005-12-08 David Shaw <[email protected]>
* gpg.sgml: Document --fetch-keys.
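Review bot: The new ChangeLog entry lists only gpg.sgml, but this commit also changes doc/DETAILS (the PKA_TRUST_GOOD and PKA_TRUST_BAD status lines). Add a line such as "* DETAILS: Document PKA_TRUST_GOOD and PKA_TRUST_BAD." so the entry covers every file under doc/ that the commit touches.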
diff --git a/doc/DETAILS b/doc/DETAILS
index 918026109..c06ef84d2 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -287,6 +287,12 @@ more arguments in future versions.
to indicate how trustworthy the signature is. The error token
values are currently only emiited by gpgsm.
+ PKA_TRUST_GOOD <mailbox>
+ PKA_TRUST_BAD <mailbox>
+ Depending on the outcome of the PKA check one of the above
+ status codes is emitted in addition to a TRUST_* status.
+ Without PKA info available or
+
SIGEXPIRED
This is deprecated in favor of KEYEXPIRED.
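Review bot: The added description ends mid-sentence at "Without PKA info available or", so the case where no PKA information exists is left undocumented for anyone parsing the status output. Finish the sentence with what is (or is not) emitted in that case, or drop the fragment. It would also help to say what <mailbox> holds, since a script acting on PKA_TRUST_GOOD needs to know which address was checked.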
diff --git a/doc/gpg.sgml b/doc/gpg.sgml
index d02ff2dae..1017662cd 100644
--- a/doc/gpg.sgml
+++ b/doc/gpg.sgml
@@ -1186,7 +1186,7 @@ recipient's or signator's key.
</para></listitem></varlistentry>
<varlistentry>
-<term>--trust-model <parameter>pgp|classic|always</parameter></term>
+<term>--trust-model <parameter>pgp|classic|direct|always</parameter></term>
<listitem><para>
Set what trust model GnuPG should follow. The models are:
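Review bot: The parameter list in the <term> line gains only "direct", while the rest of this patch documents pgp+pka, direct+pka, auto and auto+pka as models too. Extend the list so the synopsis matches the entries below it, for example "pgp|classic|direct|always|auto" plus the "+pka" variants.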
@@ -1195,7 +1195,14 @@ Set what trust model GnuPG should follow. The models are:
<varlistentry><term>pgp</term><listitem><para>
This is the Web of Trust combined with trust signatures as used in PGP
-5.x and later. This is the default trust model.
+5.x and later. This is the default trust model when creating a new
+trust database.
+</para></listitem></varlistentry>
+
+<varlistentry><term>pgp+pka</term><listitem><para>
+Same as <term>pka</term> but a valid PKA will increase the trust to full.
+Note, that the option <term>--allow-pka-lookup</term> needs to be
+enabled to actually make this work.
</para></listitem></varlistentry>
<varlistentry><term>classic</term><listitem><para>
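Review bot: In the pgp+pka entry, "Same as <term>pka</term>" refers to a model that is not in the list; by analogy with the direct+pka entry ("Same as direct") this should read "Same as pgp". The inline <term> elements here are also being used as cross-references inside <para>, where an inline element meant for option names would be the better markup, and "Note, that" reads better without the comma.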
@@ -1207,6 +1214,10 @@ Key validity is set directly by the user and not calculated via the
Web of Trust.
</para></listitem></varlistentry>
+<varlistentry><term>direct+pka</term><listitem><para>
+Same as <term>direct</term> but a valid PKA will increase the trust to full.
+</para></listitem></varlistentry>
+
<varlistentry><term>always</term><listitem><para>
Skip key validation and assume that used keys are always fully
trusted. You won't use this unless you have installed some external
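Review bot: The direct+pka entry omits the note that --allow-pka-lookup must be enabled, which the pgp+pka entry carries. Without it a reader may select direct+pka and assume PKA is raising trust when no lookup is happening. Repeat the note here, or state it once for all "+pka" variants.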
@@ -1215,6 +1226,18 @@ printed with signature checks when there is no evidence that the user
ID is bound to the key.
</para></listitem></varlistentry>
+<varlistentry><term>auto</term><listitem><para>
+Select the trust model depending on whatever the internal trust
+database says. This is the default model if such a database already
+exists. Note, this won't enable the PKA sub model.
+</para></listitem></varlistentry>
+
+<varlistentry><term>auto+pka</term><listitem><para>
+Select the trust model depending on whatever the internal trust
+database says and enable the PKA sub model.
+</para></listitem></varlistentry>
+
+
</variablelist></para></listitem></varlistentry>
<varlistentry>
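Review bot: "PKA sub model" in the auto and auto+pka entries is never defined; the other entries describe the effect as "a valid PKA will increase the trust to full". Reuse that wording or define the term once, and say in auto+pka that --allow-pka-lookup is required, as the pgp+pka entry does. There is also a stray second blank line added before </variablelist>.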
@@ -1223,6 +1246,15 @@ ID is bound to the key.
Identical to `--trust-model always'. This option is deprecated.
</para></listitem></varlistentry>
+<varlistentry>
+<term>--allow-pka-lookup</term>
+<listitem><para>
+This option enables PKA lookups. PKA is based on DNS; thus enabling
+this option may disclose information on when and what signatures are verified
+or to whom data is encrypted. This is similar to the "web bug"
+described for the auto-key-retrieve feature.
+</para></listitem></varlistentry>
+
<varlistentry>
<term>--keyid-format <parameter>short|0xshort|long|0xlong</parameter></term>
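Review bot: The --allow-pka-lookup entry does not state the option's default, and the privacy exposure it describes depends entirely on that default because auto-pka-retrieve is documented as defaulting to yes. State the default explicitly. The text also never expands "PKA" and does not say who learns the disclosed information; the neighbouring auto-key-retrieve text names the operator, IP address and time, and the same level of detail would help here.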
@@ -1359,6 +1391,18 @@ on your local keyring), the operator can tell both your IP address and
the time when you verified the signature.
</para></listitem></varlistentry>
+<varlistentry>
+<term>auto-pka-retrieve</term>
+<listitem><para>
+This option enables the automatic retrieving of missing keys through
+information taken from PKA records in the DNS. Defaults to yes.
+Note, that the option <term>--allow-pka-lookup</term> needs to be
+enabled to actually make this work.
+</para><para>
+By using this option, one may unintentionally disclose information
+similar to the one described for <term>auto-key-retrieve</term>.
+</para></listitem></varlistentry>
+
</variablelist>
</para></listitem></varlistentry>
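Review bot: In the auto-pka-retrieve entry, "Defaults to yes" followed by the dependency on --allow-pka-lookup leaves it unclear whether keys are fetched via DNS out of the box. Say so directly, for example "This has no effect unless --allow-pka-lookup is given". The second paragraph points to auto-key-retrieve for the disclosure risk, but that text is about a keyserver operator; since the lookup here goes through DNS, name what is disclosed and to whom rather than only "similar to". The inline <term> cross-references have the same markup issue as in the pgp+pka entry.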