I am learning about the Web of Trust and how to use it. However, I have some issues to fully grasp the concept of Signatory Trust.
What is an easily understandable definition of signatory trust? An example would be very helpful.
Signatory trust is used to describe the situation of transitive certifications. Consider that Alice signed Bob (Alice -> Bob), and also puts owner trust on Bob (owner trust means Alice puts faith in the certifications Bob issues). Now, if Bob signs Carol (Bob -> Carol) but Alice doesn't, Alice cannot directly verify Carol's key (she didn't certify it herself), but she can build a trust path:

Alice -> Bob -> Carol
Remember that these transitive trust steps always require three components: a certification, from a trusted key, that is already valid. PGP/GnuPG use a more advanced trust model with marginal and full trust, but the basic principle is the same.
In this situation, we have different kinds of trust:
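To make the transitive step concrete, here is an added example that is not part of the answer above and is not GnuPG's own code: a small Python model of the classic trust model the answer alludes to. Key names, the certification list and the owner-trust assignments are constructed for illustration. The rule that one fully trusted valid signer, or three marginally trusted valid signers, make a key valid, and the maximum chain length, follow GnuPG's defaults (completes-needed 1, marginals-needed 3, max-cert-depth 5), but the algorithm below is a simplification of GnuPG's trustdb computation, not a reimplementation of it.

```python
from collections import defaultdict

# Owner-trust levels, using the vocabulary of GnuPG's classic trust model.
ULTIMATE, FULL, MARGINAL, UNKNOWN = "ultimate", "full", "marginal", "unknown"


def _certified_by(certifications):
    """Index certifications so that index[key] is the set of keys that signed key."""
    index = defaultdict(set)
    for signer, signee in certifications:
        index[signee].add(signer)
    return index


def compute_validity(certifications, owner_trust, marginals_needed=3,
                     completes_needed=1, max_cert_depth=5):
    """Return {key: depth} for every key that is valid for the local user.

    certifications: (signer, signee) pairs, meaning signer certified signee's key.
    owner_trust: key -> level the local user assigned to that key's owner.
    A key becomes valid when it is certified by at least completes_needed valid
    keys with full (or ultimate) owner trust, or by at least marginals_needed
    valid keys with marginal owner trust. Owner trust only counts once the
    signing key is itself valid; that is what makes the process transitive.
    """
    certified_by = _certified_by(certifications)
    # Depth 0: keys the user trusts ultimately (normally only her own key).
    valid = {k: 0 for k, t in owner_trust.items() if t == ULTIMATE}
    for depth in range(1, max_cert_depth + 1):
        newly_valid = {}
        for key, signers in certified_by.items():
            if key in valid:
                continue
            valid_signers = [s for s in signers if s in valid]
            full = sum(owner_trust.get(s) in (ULTIMATE, FULL) for s in valid_signers)
            marginal = sum(owner_trust.get(s) == MARGINAL for s in valid_signers)
            if full >= completes_needed or marginal >= marginals_needed:
                newly_valid[key] = depth
        if not newly_valid:
            break  # fixed point reached before the depth limit
        valid.update(newly_valid)
    return valid


def trust_path(certifications, owner_trust, target, **options):
    """Return one certification chain from an ultimately trusted key to target,
    or None when target is not valid. Each hop is a signer that is valid,
    carries owner trust, and sits one step closer to the root."""
    valid = compute_validity(certifications, owner_trust, **options)
    if target not in valid:
        return None
    certified_by = _certified_by(certifications)
    path = [target]
    while valid[path[-1]] > 0:
        current = path[-1]
        candidates = sorted(s for s in certified_by[current]
                            if s in valid and valid[s] < valid[current]
                            and owner_trust.get(s) in (ULTIMATE, FULL, MARGINAL))
        path.append(min(candidates, key=lambda s: valid[s]))
    return path[::-1]


# Constructed sample web of trust (hypothetical names, not real keys).
# Alice is the local user; each pair reads "signer certified signee".
CERTIFICATIONS = [
    ("alice", "bob"), ("bob", "carol"), ("carol", "ivan"),
    ("alice", "dave"), ("alice", "erin"), ("alice", "frank"),
    ("dave", "grace"), ("erin", "grace"), ("frank", "grace"),
    ("dave", "heidi"), ("erin", "heidi"),
]
# Owner trust Alice assigned. Carol has none, so her certifications never count
# even though her key becomes valid: validity and owner trust are separate.
OWNER_TRUST = {"alice": ULTIMATE, "bob": FULL,
               "dave": MARGINAL, "erin": MARGINAL, "frank": MARGINAL}

if __name__ == "__main__":
    validity = compute_validity(CERTIFICATIONS, OWNER_TRUST)
    for key in sorted(validity, key=validity.get):
        print(f"{key:6} valid at depth {validity[key]}")
    for target in ("carol", "grace", "heidi", "ivan"):
        print(target, "->", trust_path(CERTIFICATIONS, OWNER_TRUST, target))
```

Carol's key becomes valid through the path alice -> bob -> carol from the answer. Grace's key is valid only because three marginally trusted, valid keys certified it; Heidi, with two such certifications, is not (lowering marginals_needed to 2 changes that). Ivan is certified by a valid key, but Alice never assigned Carol any owner trust, so the chain stops there.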