I'm reading Cryptography and Network Security Principles and Practices (5th ed, p584), and in reading about PGP keyrings I'm a little confused about the differences between the owner trust field and the signature trust field. I quote:
> In turn, each signature has associated with it a signature trust field that indicates the degree to which this PGP user trusts the signer to certify public keys.

and ...

> An owner trust field is included that indicates the degree to which this public key is trusted to sign other public-key certificates.

The PowerPoint slides I'm reading don't seem to make a clear distinction between the two either:
- Signature trust field: Measures how far the PGP user trusts the signer to certify public keys. (The key legitimacy field for an entry derives from the signature trust fields.)
- Owner trust field: Indicates the degree to which this PGP user trusts the key's owner to sign other public-key certificates. PGP doesn't compute this level of trust; the PGP user assigns it. You can think of a signature trust field as a cached copy of the owner trust field from another entry.
Am I correct in saying that the owner trust field is the extent to which I (the keyring owner) trust the public key entry in the table?
Does the signature trust field get set manually by the user?
If I have a public key entry from Bob, and Charlie and David have signed it, would I have two signature trust entries for that key?
- And do I have to set these manually?
- What if I don't know David, what would the value be?
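
The Bob/Charlie/David keyring from the question, modelled as an added example that is not part of the original post and is not code from PGP or the textbook. It shows each signature trust being copied from the signer's owner trust (or set to "unknown user" when the signer's key is not held) and key legitimacy being derived from those values with the textbook's weighted-sum rule. The names `Entry`, `refresh` and `sample_keyring` and the thresholds X=1, Y=2 are constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum

class Trust(Enum):
    UNKNOWN = "unknown user"        # signer's key is not in the keyring
    UNTRUSTED = "untrusted"
    USUALLY = "usually trusted"
    ALWAYS = "always trusted"
    ULTIMATE = "ultimate"           # the keyring owner's own key

@dataclass
class Entry:
    owner_trust: Trust = Trust.UNKNOWN             # assigned by the user
    signers: list = field(default_factory=list)    # user IDs that signed this key
    sig_trust: dict = field(default_factory=dict)  # computed: signer -> Trust
    legitimate: bool = False                       # computed

def refresh(keyring, x=1, y=2):
    """Recompute the derived fields of every entry.
    x, y: ALWAYS / USUALLY trusted signatures needed (constructed values)."""
    for entry in keyring.values():
        weight = 0.0
        for signer in entry.signers:
            # Cached copy of the signer's owner trust, if we hold the signer's key.
            known = keyring.get(signer)
            trust = known.owner_trust if known else Trust.UNKNOWN
            entry.sig_trust[signer] = trust
            if trust is Trust.ULTIMATE:
                weight += 1.0
            elif trust is Trust.ALWAYS:
                weight += 1.0 / x
            elif trust is Trust.USUALLY:
                weight += 1.0 / y
        entry.legitimate = entry.owner_trust is Trust.ULTIMATE or weight >= 1.0
    return keyring

def sample_keyring(charlie_trust):
    """Constructed keyring: Bob's key is signed by Charlie and by David (not held)."""
    return refresh({
        "me": Entry(owner_trust=Trust.ULTIMATE),
        "charlie": Entry(owner_trust=charlie_trust, signers=["me"]),
        "bob": Entry(signers=["charlie", "david"]),
    })

if __name__ == "__main__":
    for level in (Trust.ALWAYS, Trust.USUALLY):
        bob = sample_keyring(level)["bob"]
        print(level.value, {s: t.value for s, t in bob.sig_trust.items()}, bob.legitimate)
```

Bob's own owner trust stays at its default in both runs: legitimacy says whether the key is accepted as Bob's, while owner trust is a separate value the user assigns.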