[Enigmail] Color Coding

John W. Moore III jmoore3rd at bellsouth.net
Sun May 3 05:12:57 PDT 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Harry Rickards wrote:

> Ok, thanks. If the bar turns green when I sign it it's not that much of
> a big deal, but do you know if there's anyway so that if the key is
> *not* signed, but is trusted fully the bar turns green?

This will entail a description of Depth of Trust.  By that I mean that
if You are verifying the Sig on a message made with a Key that You have
_not_ Signed but the Key is Signed by another Key on Your Keyring that
You have Trust Signed with a Depth of Trust greater than Zero then the
Enigmail Bar will show Green.  Depth of Trust indicated how many 'hops'
or 'ripples in the Trust pool' Your Signature extends.

i.e.  I tsign Your Key with a Depth of Trust of 2 then You sign Alice's
Key.  I haven't Signed Alice's Key yet when I receive a Signature from
Alice the Enigmail Bar will show Green because I signed Your Key & You
have signed Alice's.  If I receive a Message from someone whose Key has
been signed by Alice the same thing will occur.  This is because the
'hops' are 2 Sigs away from My Key.  If I had Signed  Your Key with a
Depth of Trust of 1 then only Keys Signed by Your Key will show Green
but Sigs made by folks whose Key You have Signed will show Blue because
I haven't indicated via My Trust signature that I am extending Trust by
proxy beyond Your Signature.

Clear as Mud?  You can also read the GnuPG Manual regarding the tsign
Command.  In PGP this is indicated by looking at the Signatures on a
Key.  Standard/Normal exportable sigs have a Trust Depth of 0 and will
be indicated with a Yellow Pencil but Trust Sigs [PGP calls 'em Trusted
Introducer] will be indicated with a Black Pencil.

Owner Trust is determined by the simple presence of Your Signature on a
Key.  Calculated Trust is determined based upon the Depth of Trust
extending from a Signature on the Key being verified.

HTH

JOHN ;)
Timestamp: Sunday 03 May 2009, 08:12  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4987: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJJ/YpHAAoJEBCGy9eAtCsPenMH/2fTE9q0ZlxyRo3sOc9QlqfU
CRyiVd9V9+4RZZvjLUkue8LtY0C+0peygGPWa1SpTrmihZNz+3kkLdx9s7Abvd3q
2SbeiK/SknLKWE9LN5B/pYcUPN92iXXknKfkMgAbfksYPt/A+wnDQvCvf5qgcxIG
1QroLXPEKQQP3VwQv4rxMS1cFjlFYVqzsa5cl7k3KsLeBEGmzXNdiWPxJYCfto23
rvujxezYeA5dwj84ftrXwZl810Odm19uvNv4+Wx66U3EhWfF4ukAPrBYXCZDVPMu
LeeH5hjYGifqhFHqC5pw2FIYc4bTXxDTca1Cf4cv2wbbNKXh/WwsqL9aBUC8Pxc=
=pZea
-----END PGP SIGNATURE-----

More information about the Enigmail mailing list