ELI5: Signing vs Trusting vs Nothing


Postby bobpaul » Mon Mar 12, 2012 6:51 am

By default, when you share keys with someone, RetroShare lets you connect, but the keys are unsigned and "marginally" trusted.

From this thread and prior knowledge, I understand that signing is stating "Yes, I know this person", but I don't exactly understand the implications within RetroShare.

Trust is something I only vaguely understand. My understanding is that if I mark FriendA as Full Trusted, then FriendA can somehow automatically pass friends to me so that I don't have to manually make them friends. Is this correct? How does this happen? I still have no idea what happens if I mark someone as Trust: None or as Trust: Marginal.

Someone please explain it to me like I'm 5. What do the different levels of trust mean and how does signing factor in? If I fully trust a friend, will I automatically be friends with all their friends? With all friends whose keys they sign?
bobpaul
 
Posts: 6
Joined: Mon Mar 12, 2012 4:30 am

Re: ELI5: Signing vs Trusting vs Nothing

Postby Imanuel » Mon Mar 12, 2012 8:13 am

If you sign a key, you make your trust to the owner publicly visible. That's all; there is no functionality of RS depending on signed keys.
Imanuel
 
Posts: 27
Joined: Fri Jun 03, 2011 7:17 am

Re: ELI5: Signing vs Trusting vs Nothing

Postby Imanuel » Mon Mar 12, 2012 4:21 pm

I have to cut back a little on that last post by linking to a post by apoapo:
http://retroshare.sourceforge.net/forum/viewtopic.php?f=16&t=1436&p=5935#p5935
Imanuel
 
Posts: 27
Joined: Fri Jun 03, 2011 7:17 am

Re: ELI5: Signing vs Trusting vs Nothing

Postby fsck » Tue Mar 13, 2012 1:39 pm

Signing doesn't mean "Yes, I know this person," it means "I know that the person who this key claims to belong to actually controls it." A key that you've signed is a key that your system will recognize as valid. Ideally, you can sign a key because the individual physically handed you a file on a flash disk or something. If that isn't the case, ask for the key's fingerprint on a medium that you can verify identity with.

Trust is a little bit different, but also important. If you set a key's trust to marginal, that means that you believe them to sign keys somewhat carefully. A key can be considered valid without your signature if it has three marginally trusted signatures on it (by default). Fully trusted keys are considered as good as your own, and only take one signature to be considered valid. Full trust is not something you should assign to people that you trust your secrets with, but people that you trust to not just sign keys casually. Moreover, the more keys you have set to full trust, the weaker your authentication network is. Trust values are not written into keys, and are even stored in a separate database from the keys and signatures themselves, and trust values are never made public. For more detailed information, examples and such, search for articles about the "web of trust" concept.
fsck
 
Posts: 23
Joined: Thu Mar 01, 2012 5:09 am
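As an added illustration of the validity rules fsck describes above (this is not code from the thread, from RetroShare or from GnuPG), here is a small Python model of how a client decides which keys are valid from the signatures on them plus the locally stored trust values. The keys, signers and trust assignments are constructed sample data; the thresholds of one fully trusted signature or three marginally trusted signatures are the GnuPG defaults the post refers to.

```python
"""Model of web-of-trust key validity as described in the post above.

Rules (GnuPG defaults, assumed here as the post states them):
  - a key you signed yourself is valid;
  - otherwise it needs one signature from a VALID key you trust fully, or
  - three signatures from VALID keys you trust marginally;
  - signatures from keys with trust 'none', or from keys that are not
    themselves valid, are ignored.
Trust values live in a separate local table and are never published.
"""
from enum import Enum


class Trust(Enum):
    NONE = "none"
    MARGINAL = "marginal"
    FULL = "full"


# Constructed sample data (not from the page): key_id -> ids that signed it.
SIGNATURES = {
    "alice": {"me"},
    "bob": {"alice"},                    # one full-trust signer
    "carol": {"dave", "erin", "frank"},  # three marginal signers
    "dave": {"me"}, "erin": {"me"}, "frank": {"me"},
    "grace": {"dave", "erin"},           # only two marginal signers
    "heidi": {"mallory"},                # full trust, but mallory is not valid
}

# Constructed local trust table, kept apart from keys and signatures.
TRUST = {"alice": Trust.FULL, "dave": Trust.MARGINAL, "erin": Trust.MARGINAL,
         "frank": Trust.MARGINAL, "mallory": Trust.FULL}


def compute_valid(signatures, trust, me="me", marginals_needed=3, completes_needed=1):
    """Return the set of key ids the local user should treat as valid."""
    valid = {me}
    changed = True
    while changed:  # repeat until no further key becomes valid
        changed = False
        for key, signers in signatures.items():
            if key in valid:
                continue
            if me in signers:  # our own signature always suffices
                valid.add(key); changed = True; continue
            full = sum(1 for s in signers if s in valid and trust.get(s) is Trust.FULL)
            marginal = sum(1 for s in signers if s in valid and trust.get(s) is Trust.MARGINAL)
            if full >= completes_needed or marginal >= marginals_needed:
                valid.add(key); changed = True
    return valid
```

Note that heidi stays invalid even though mallory is fully trusted: trust only counts once the trusted key is itself valid, which is why signing a key you have not verified weakens the whole network.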

Re: ELI5: Signing vs Trusting vs Nothing

Postby bobpaul » Mon Mar 19, 2012 2:11 am

So, if you don't sign a key, your friends won't be automatically recommended the key.

And if enough people sign the key, your client will behave just as if the key is signed (i.e., automatically pass it along to your friends). Trust just affects the number of signatures a key needs before your client will treat a key you haven't signed the same as a key you have. (If you trust a key fully and they sign a key, your client calls that good. If you don't trust a key at all and they sign it, you just ignore their signature. But if several marginally trusted peers sign a key, your client treats it the same as if you personally signed it.)

In either case, the only way to allow a connection with a client using a given key is to "make friends" with that key.

Is that all true? Or do I still have something wrong?
bobpaul
 
Posts: 6
Joined: Mon Mar 12, 2012 4:30 am

Re: ELI5: Signing vs Trusting vs Nothing

Postby Distro » Mon Mar 19, 2012 1:27 pm

There is no such thing as automatic recommendations in RS.
Distro
 
Posts: 154
Joined: Sun Sep 04, 2011 7:33 pm

Re: ELI5: Signing vs Trusting vs Nothing

Postby fsck » Mon Mar 19, 2012 6:40 pm

Distro wrote: There is no such thing as automatic recommendations in RS.

To be honest, a key shouldn't be used if it isn't valid, especially if the application deals with sensitive data. The fact that you can add a friend based on a key that isn't valid is kind of bad, especially with so many people's first brush with gpg being a RetroShare install.
fsck
 
Posts: 23
Joined: Thu Mar 01, 2012 5:09 am

Re: ELI5: Signing vs Trusting vs Nothing

Postby bobpaul » Tue Mar 20, 2012 3:57 am

Distro wrote: There is no such thing as automatic recommendations in RS.

From the FAQ:
The friends of your peers also know of your existence, and can attempt to connect to you through the Auto-Discovery system, but they can't connect to you unless you add them as friends.
bobpaul
 
Posts: 6
Joined: Mon Mar 12, 2012 4:30 am

Re: ELI5: Signing vs Trusting vs Nothing

Postby privatemonkey » Mon May 07, 2012 8:50 pm

I am still unclear on this. Can anybody clearly explain the implications of signing vs not signing within RetroShare? Specifically, what features appear if you sign?

Perhaps if I explain my use case someone can tell me the advantages/disadvantages.

I am starting a private network of friends. Initially at least, I will have RetroShare running on a server with a permanent IP so people can find the network. I will also run my own instance at home. What is the benefit of asking people to sign the "server's" certificate? If it will enable them to see the other friends of the "server" this would be perfect. Is that the case? Or will they see other friends of the "server" regardless?
privatemonkey
 
Posts: 2
Joined: Mon May 07, 2012 8:21 pm

Re: ELI5: Signing vs Trusting vs Nothing

Postby fsck » Tue May 08, 2012 9:13 am

Retroshare doesn't do anything with signatures at all, and it's best if you don't sign without understanding precisely why you're signing.

Once a peer joins the Retroshare network, it's visible to all of the peers on the network. If you connect to your friend, you see your friend's friends, their friends, and so on.
fsck
 
Posts: 23
Joined: Thu Mar 01, 2012 5:09 am
