0

While studying PGP I started to doubt how to calculate the legitimacy/validity of a key. The problem comes when we set that key legitimacy is calculated as the weighted sum of the trust values.

What is the correct way of summing this trust values within the keyring? Am I only adding the trust values of valid or already legitimate public keys? Or do I add the trust values independently of the legitimacy status of the key?

Which is the correct way of doing it 1) or 2)?

1) The key ring contains at least C certificates from completely trusted introducers with valid public keys or the key ring contains at least M certificates from marginally trusted introducers with valid public keys.

2) The key ring contains at least C certificates from completely trusted introducers or the key ring contains at least M certificates from marginally trusted introducers.

1 and 2 differ only on the validity/legitimacy of the keys that added.

schroeder
  • 123,438
  • 55
  • 284
  • 319
jlanza
  • 103
  • 3
  • First of all, you should clearly denote whether you speak about OpenPGP, PGP or GnuPG -- first of those does not have a trust model at all, and the other to have slightly different ones. "Legitimacy" is no term usually used with OpenPGP. What you describe does not seem to match any of those trust models. You probably should provide a clear definition of what you want to express with both legitimacy and validity. Furthermore, trust levels are not numerical in OpenPGP, so you cannot sum them up, and have to differ among the number of marginal and/or fully trusted certifications. – Jens Erat Mar 14 '17 at 19:28
  • @JensErat Could you please point me to better understand the differences? [Some of the sites I'm reading](https://www.gnupg.org/) talk about trust and validity. Then in [others](ftp://ftp.pgpi.org/pub/pgp/2.x/doc/pgpdoc1.txt) they include the concept of legitimacy. I was considering legitimacy and validity as synonyms. The issue is I want to understand the trust model of PGP. Another issue is that when I say "sum up" is to count the number of marginal/fully certification. This is my wording :( – jlanza Mar 15 '17 at 08:35
  • Lots of people already discussed the difference between "PGP, OpenPGP and GnuPG", a short search at the search engine of your choice will list plenty of good discussions, and there's not really a need of adding another one... Considering your original question, I added an answer on what I _think_ is your question, but I'm still not 100% confident if that's what you were asking. – Jens Erat Mar 27 '17 at 19:36

1 Answers1

1

The PGP trust model has a transitive computation model: when a key is trusted and valid (as certified by other valid and trusted keys), it is itself considered for determining further valid keys.

This does not really match either of your options, as "introducer keys" are usually considered those forming "validation roots", for example your own key. GnuPG uses the "ultimally trusted" term for those. Usually that's your own key, as everything else can by expressed by certifications and issuing trust.

The default PGP trust model is "A key is valid if it has at least one certification by a fully trusted and valid key, or at least three certifications of marginally trusted and valid keys." GnuPG adds a path length limit of five certifications from ultimately trusted keys (or "trust introducers").

The GnuPG manual provides an illustrative example on the web of trust and trust calculations, and I discussed GnuPG's output on trust validation in another question which might provide further insight if you're already having your own keyring.

Jens Erat
  • 23,446
  • 12
  • 72
  • 96
  • I reach a similar conclusion (when I found the link you post ;)), but I preferred not to post it here as I was not sure it was correct. Thanks a lot. – jlanza Mar 28 '17 at 08:47