the RetroShare forums

[Louigi Verona]

Me and my friends have exchanged keys. Each of us has authorized another with a GPG key and password. It said okay. But when I look at my peers details, it says that trust is marginal and says again: Sign with GPG key. When I press this button it says: "Maybe password is wrong" and the button disappears.

Is this a bug or are we doing smth wrong? The button never appears again. I can set trust to full, but in my friends list all of my friends appear as if they were authenticated by me only, though they say they did authenticate me on their side.

We can chat, exchange files and all that, only this weird option remains.

[fsck]

I've had this issue, too. It seems like a pretty small problem, but it actually completely breaks the web of trust concept. If your network grows very much, that might become a problem, depending on usage.

The problem is that RetroShare doesn't seem to exchange key signatures. You could mess around with exporting your keys and sending them to everyone (being sure to use the "include signatures" box), but that's a huge hassle with more than a handful of people and really doesn't solve the problem. You could also use GPA and work with the GnuPG key server, which is a lot easier, but puts your public key on the net. It's called public, after all, and isn't particularly foolish as far as I know.

The best solution, I think, for the developers, would either to have a more robust key manager (including keyserver handling and such) built into RetroShare or, for real decentralization, have it act as its' own keyserver. I seriously doubt that keys.gnupg.net is going to be shut down anytime soon.

[Distro]

At the moment signing certificates and changing trust is useless.

[Louigi Verona]

So it doesn't do anything, those levels of trust?

[apoapo]

Useless? Are you sure? I think it is used for transferring keys or not to friends. Also signing is a sign of trust to other friends. The web-of-trust depends on trsutlevels/signings. In the network tab you can see which friends trust you half/full.

A friend that is fully trusted by you means you will have his friends in your list as half trusted. (am i correct?)

[Louigi Verona]

But if you half-trust someone, what exactly does it mean? He won't be able to see some of your details? This is the question. If currently there is no difference, well - then there is no difference!

[apoapo]

Mh, the wiki says:

How does the security/privacy work?

TODO
What does "Trust" mean in RetroShare?

TODO

I hope a developer can help us out here? Maybe updating the wiki with the answer would be useful, volunteer here