The following is an email sent from Nate Nielsen to seahorse-devel@lists.sf.net regarding Seahorse's trust model.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The GPG trust model is complex. It's hard to grasp all the nuances of
it. Basically only GPG developers and GPG geeks have a chance of using
it properly. There are differing opinions of what "proper use" is. There
are even *different* trust models available for selection in GPG.

We need to make this simple enough for someone (who has a life outside
of GPG) to use. Note that I did not say 'grasp'. The user should not
have to learn a bunch of theory. We also need to remain secure and
'correct'. I put quotes around 'correct' because there are obviously
differing opinions as to correctness.

Here's my proposal. I may be missing something or have gotten something
wrong. Let's discuss it.

Cheers,
Nate



SUMMARY:

 * We initially ask the user to verify and mark an owner trust on the key.
 * Then we encourage the user to sign the key as a method
   of indicating that trust to others.

DETAILS:

Assuming an unsigned, 'no-trust-assigned' public key, the first thing
the user sees on the 'Trust' page is a checkbox like this:

 [ ] I have verified that this key belongs to
     who it says it does.

Checking this will set the GPG Owner Trust to 'marginal'. Below that is
another checkbox which is initially disabled. By checking the above
checkbox, this becomes enabled:

 [ ] I trust signatures on other keys that are made
     by the owner of this key.

Checking this second box will set the GPG Owner Trust to 'complete'.

The other Owner Trust values (ie: 'never', and 'ultimate') are still
available for advanced users on the 'Details' tab. If an advanced user
has customized the Owner Trust (ie: by selecting 'never' or 'ultimate')
then instead of the above checkboxes, a message is displayed to that
effect (directing them to the 'Details' tab).

Once the first checkbox (described above) has been checked, and if the
user has not yet signed the key with one of his private keys, then we
put something like the following message up:

To indicate your trust of this key to others, sign it. [Sign Key]

It's important to note that the 'Sign Key' operation is also available
through other places in the UI.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFEHxnXe/sRCNknZa8RAhO1AJ9eNgK6jJb8hUY07qABMrTEcGEHZQCgqBQb
Sl32j5MgSY0M5+bOnZmIcdE=
=EQQX
-----END PGP SIGNATURE-----
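
The checkbox-to-owner-trust mapping proposed in the email, sketched as an added example (not code from the email or from Seahorse). It assumes the email's 'complete' corresponds to GnuPG's "full" owner trust, that unchecking the first box returns the key to undefined trust, and that the result is written in the `FINGERPRINT:LEVEL:` record format used by `gpg --export-ownertrust` and `gpg --import-ownertrust`; the function names and the sample fingerprint are constructed for illustration.

```python
import re

# Owner-trust levels as they appear in `gpg --export-ownertrust` output.
UNDEFINED, NEVER, MARGINAL, FULL, ULTIMATE = 2, 3, 4, 5, 6


def ownertrust_for(verified, trusts_signatures):
    """Map the two proposed checkboxes to an owner-trust level."""
    if trusts_signatures and not verified:
        # The second checkbox is disabled until the first one is checked.
        raise ValueError("second checkbox requires the first")
    if not verified:
        return UNDEFINED  # assumption: unchecking returns to 'no trust assigned'
    return FULL if trusts_signatures else MARGINAL


def trust_page_state(ownertrust, signed_by_user):
    """Describe what the 'Trust' page shows for a key's current state."""
    if ownertrust in (NEVER, ULTIMATE):
        # Customized by an advanced user: show a message pointing at 'Details'.
        return {"mode": "customized"}
    verified = ownertrust in (MARGINAL, FULL)
    return {
        "mode": "checkboxes",
        "verified_checked": verified,
        "second_enabled": verified,
        "second_checked": ownertrust == FULL,
        "show_sign_prompt": verified and not signed_by_user,
    }


def ownertrust_line(fingerprint, level):
    """Format one record for `gpg --import-ownertrust`."""
    fpr = re.sub(r"\s+", "", fingerprint).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", fpr):
        raise ValueError("expected a 40-hex-digit fingerprint")
    if level not in (UNDEFINED, NEVER, MARGINAL, FULL, ULTIMATE):
        raise ValueError("unknown owner-trust level")
    return f"{fpr}:{level}:"


SAMPLE_FPR = "0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567"  # constructed

if __name__ == "__main__":
    level = ownertrust_for(verified=True, trusts_signatures=False)
    print(ownertrust_line(SAMPLE_FPR, level))
    print(trust_page_state(level, signed_by_user=False))
```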

Apps/Seahorse/TrustModel (last edited 2013-11-19 17:27:10 by WilliamJonMcCann)