From: John Dlugosz
Thanks again, Hal, the light is beining to dawn.
It's a somewhat complicated concept and not usually very useful outside
of relatively closed systems.
I'm working on a closed system. What you describe is pretty much what I'm
doing.
Basically, instead of just "this is Bob" chaining down the trust, with the
assumption that everyone in that chain of trust is within the organization,
I can verify that everything in the chain back to Trent has the trust
signature packet too, meaning that this link is not just some random
employee but someone empowered to say "this is Bob". Is that right?
So, if I understand right, Trent will put the trust signature subpacket
onto his certification of his vice-trents. There might be several layers
here, and finally the supervisors who have face-to-face contact with
someone can sign the UserID, but can't further delegate their signing
authority. The "level" (depth) lets me do that, and the "amount" isn't
useful for my purpose.
--John