[vox-tech] gpg: do we ever have to change trust level for our keys?

Peter Jay Salzman vox-tech@lists.lugod.org
Fri, 26 Jul 2002 13:09:20 -0700


12:30pm:

gpg doesn't seem to recognize that my key is trusted anymore.  here's an
example of me signing a document and then verifying the signature:

   p@satan% gpg --sign todo
   
   You need a passphrase to unlock the secret key for
   user: "Peter Jay Salzman <p@dirac.org>"
   1024-bit DSA key, ID 67EA951D, created 2000-12-08
   Enter passphrase:
   
   p@satan% gpg todo.gpg
   File `todo' exists. Overwrite (y/N)? y
   gpg: Signature made Fri Jul 26 12:31:43 2002 PDT using DSA key ID 67EA951D
   gpg: Good signature from "Peter Jay Salzman <p@dirac.org>"
   gpg: WARNING: This key is not certified with a trusted signature!
   gpg: There is no indication that the signature belongs to the owner.
   Fingerprint: B9F1 6CF3 47C4 7CD8 D33E  70A9 A3B9 1945 67EA 951D
   
   p@satan% gpg --list-sigs dirac
   pub  1024D/67EA951D 2000-12-08 Peter Jay Salzman <p@dirac.org>
   sig 3       67EA951D 2000-12-08   Peter Jay Salzman <p@dirac.org>
   sig         58D7BA3C 2000-12-12   Henry House <hajhouse@houseag.com>
   sig 3       074A81E6 2002-07-23   dugan (ME) <dugan@passwall.com>
   sig         DF61615F 2001-12-13   Matt Roper (Main) <matt@mattrope.com>
   sig         72177BC7 2002-07-25   Ryan Castellucci <ryan@mother.com>
   sub  2048g/BA20F792 2000-12-08
   sig         67EA951D 2000-12-08   Peter Jay Salzman <p@dirac.org>

i'm stumped.  "all of a sudden" gpg doesn't see my key as being certified.


1:00pm:
========
after thinking for a while, it kind of seems like gpg "forgot" that my
key should be "ultimately" trusted.  i did a:

   gpg --edit-key p

and sure enough, my key wasn't trusted (-/-).  so i changed the trust
level of my key to "ultimately trusted".  then:

   p@satan% gpg todo.gpg
   File `todo' exists. Overwrite (y/N)? y
   gpg: Signature made Fri Jul 26 12:59:10 2002 PDT using DSA key ID 67EA951D
   gpg: Good signature from "Peter Jay Salzman <p@dirac.org>"
   gpg: checking the trustdb
   gpg: checking at depth 0 signed=3 ot(-/q/n/m/f/u)=0/0/0/0/0/1
   gpg: checking at depth 1 signed=1 ot(-/q/n/m/f/u)=0/0/0/0/3/0
   gpg: checking at depth 2 signed=0 ot(-/q/n/m/f/u)=1/0/0/0/0/0
   gpg: next trustdb check due at 2002-08-02

egads.  never saw anything like THIS before.  and again, just to see
what will happen:

   p@satan% gpg todo.gpg
   File `todo' exists. Overwrite (y/N)? y
   gpg: Signature made Fri Jul 26 12:59:10 2002 PDT using DSA key ID 67EA951D
   gpg: Good signature from "Peter Jay Salzman <p@dirac.org>"

all this for one simple question:

this seems to indicate that my trust level needs to be checked every so
often (august 2 2002 is the next check).

i've never seen this before.

is this normal?

pete

-- 
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E  70A9 A3B9 1945 67EA 951D
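
An added example, not part of the original message: a small Python parser for the "checking the trustdb" lines quoted above, which splits the `ot(-/q/n/m/f/u)` counters per depth and extracts the next scheduled check date. The label names are this example's reading of gpg's ownertrust letters, and the function names are hypothetical.

```python
import re
from datetime import date

# Ownertrust letters in the order gpg prints them in "ot(-/q/n/m/f/u)".
# The label names are this example's reading of those letters (assumption).
OT_LABELS = ("unknown", "undefined", "never", "marginal", "full", "ultimate")

DEPTH_RE = re.compile(
    r"gpg: checking at depth (\d+) signed=(\d+) "
    r"ot\(-/q/n/m/f/u\)=(\d+)/(\d+)/(\d+)/(\d+)/(\d+)/(\d+)"
)
NEXT_RE = re.compile(r"gpg: next trustdb check due at (\d{4})-(\d{2})-(\d{2})")

# Sample input: the trustdb lines quoted in the message above.
SAMPLE = """\
gpg: checking the trustdb
gpg: checking at depth 0 signed=3 ot(-/q/n/m/f/u)=0/0/0/0/0/1
gpg: checking at depth 1 signed=1 ot(-/q/n/m/f/u)=0/0/0/0/3/0
gpg: checking at depth 2 signed=0 ot(-/q/n/m/f/u)=1/0/0/0/0/0
gpg: next trustdb check due at 2002-08-02
"""

def parse_trustdb_check(text):
    """Return (depths, next_check) parsed from gpg's trustdb check output."""
    depths, next_check = [], None
    for line in text.splitlines():
        line = line.strip()
        m = DEPTH_RE.fullmatch(line)
        if m:
            nums = [int(g) for g in m.groups()]
            depths.append({
                "depth": nums[0],
                "signed": nums[1],
                "ownertrust": dict(zip(OT_LABELS, nums[2:])),
            })
            continue
        m = NEXT_RE.fullmatch(line)
        if m:
            next_check = date(*(int(g) for g in m.groups()))
    return depths, next_check

def has_ultimate_root(depths):
    """True if depth 0 lists at least one key with ultimate ownertrust."""
    return any(d["depth"] == 0 and d["ownertrust"]["ultimate"] > 0 for d in depths)

if __name__ == "__main__":
    depths, due = parse_trustdb_check(SAMPLE)
    for d in depths:
        nonzero = {k: v for k, v in d["ownertrust"].items() if v}
        print(f"depth {d['depth']}: signed={d['signed']} ownertrust={nonzero}")
    print("ultimate key at depth 0:", has_ultimate_root(depths))
    print("next trustdb check due:", due)
```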