The following is an email sent from Nate Nielsen to seahorse-devel@lists.sf.net regarding Seahorse's trust model.
The GPG trust model is complex. It's hard to grasp all the nuances of it. Basically only GPG developers and GPG geeks have a chance of using it properly. There are differing opinions of what "proper use" is. There are even *different* trust models available for selection in GPG.

We need to make this simple enough for someone (who has a life outside of GPG) to use. Note that I did not say 'grasp'. The user should not have to learn a bunch of theory.

We also need to remain secure and 'correct'. I put quotes around 'correct' because there are obviously differing opinions as to correctness.

Here's my proposal. I may be missing something or have gotten something wrong. Let's discuss it.

Cheers,
Nate

SUMMARY:

* We initially user to verify to mark an owner trust on the key.
* Then we encourage the user to sign the key as a method of indicating that trust to others.

DETAILS:

Assuming an unsigned, 'no-trust-assigned' public key, the first thing the user sees on the 'Trust' page is a checkbox like this:

    [ ] I have verified that this key belongs to who it says it does.

Checking this will set the GPG Owner Trust to 'marginal'.

Below that is another checkbox which is initially disabled. By checking the above checkbox, this becomes enabled:

    [ ] I trust signatures on other keys that are made by the owner of this key.

Checking this second box will set the GPG Owner Trust to 'complete'.

The other Owner Trust values (ie: 'never', and 'ultimate') are still available for advanced users on the 'Details' tab.

If an advanced user has customized the Owner Trust (ie: by selecting 'never' or 'ultimate') then instead of the above checkboxes, a message is displayed to that effect (directing them to the 'Details' tab).

Once the first checkbox (described above) has been checked, and if the user has not yet signed the key with one of his private keys, then we put something like the following message up:

    To indicate your trust of this key to others, sign it. [Sign Key]

It's important to note that the 'Sign Key' operation is also available through other places in the UI.
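
The checkbox-to-owner-trust mapping proposed in the email, written out as an added example (not Seahorse code and not part of the original message). The names TrustPage, page_for, owner_trust_for and ownertrust_line are hypothetical. It assumes the email's 'complete' is the level GPG calls 'full', that leaving both boxes unchecked leaves the trust unassigned, and that the sign prompt is hidden while the advanced-user message is shown.

```python
from dataclasses import dataclass

# Numeric codes used in `gpg --export-ownertrust` / `--import-ownertrust` lines.
OWNERTRUST_CODE = {"unknown": 2, "never": 3, "marginal": 4, "full": 5, "ultimate": 6}

@dataclass(frozen=True)
class TrustPage:
    verified_checked: bool    # "I have verified that this key belongs to ..."
    signatures_checked: bool  # "I trust signatures on other keys ..."
    signatures_enabled: bool  # second box stays disabled until the first is checked
    advanced_notice: bool     # message pointing the user at the 'Details' tab
    sign_prompt: bool         # "To indicate your trust ... sign it. [Sign Key]"

def page_for(owner_trust: str, signed_by_user: bool) -> TrustPage:
    """State of the 'Trust' page for a key's current owner trust."""
    if owner_trust not in OWNERTRUST_CODE:
        raise ValueError(f"unknown owner trust: {owner_trust!r}")
    if owner_trust in ("never", "ultimate"):
        # Customized on the 'Details' tab: a message replaces the checkboxes.
        # Hiding the sign prompt here is an assumption; the email does not say.
        return TrustPage(False, False, False, True, False)
    verified = owner_trust in ("marginal", "full")
    return TrustPage(verified, owner_trust == "full", verified, False,
                     verified and not signed_by_user)

def owner_trust_for(verified: bool, trusts_signatures: bool) -> str:
    """Owner trust implied by the two checkboxes."""
    if trusts_signatures and not verified:
        raise ValueError("second checkbox requires the first to be checked")
    if not verified:
        return "unknown"  # assumption: unchecked means no trust assigned
    return "full" if trusts_signatures else "marginal"  # email's 'complete' = 'full'

def ownertrust_line(fingerprint: str, owner_trust: str) -> str:
    """One line in the format read by `gpg --import-ownertrust`."""
    fpr = fingerprint.replace(" ", "").upper()
    if len(fpr) != 40 or any(c not in "0123456789ABCDEF" for c in fpr):
        raise ValueError("expected a 40-hex-digit fingerprint")
    return f"{fpr}:{OWNERTRUST_CODE[owner_trust]}:"
```
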