Trust Scoring

Sigil doesn’t do binary “trusted” or “not trusted.” It gives every domain a score from 0 to 100 based on what it can verify. The scoring is deterministic - given the same inputs, you’ll always get the same score.

Score breakdown

The total score is the sum of individual layer scores, capped at 100.

Layer                          Max Points   Description
Keyserver presence             25           Public key found on known keyservers
Human proof (GPG + WebAuthn)   50           Valid signature with hardware attestation
Community vouches              25           GPG web of trust signatures from high-trust users

Keyserver score (up to 25)

If Sigil finds your public key on at least one configured keyserver, you get points. Currently, only keys.openpgp.org is checked, with more to come.

The score scales with how many of the configured keyservers have your key. Found on one, you get partial credit; found on all configured servers, you get the full 25. With a single server configured today, that means the layer is effectively all-or-nothing: 25 if keys.openpgp.org has your key, 0 if it doesn't.

This layer is intentionally worth less than the human proof. Being on a public keyserver is a good sign for discoverability but it doesn’t prove domain ownership on its own.

Human proof score (up to 50)

The human proof score requires a valid GPG signature over the Sigil challenge and, ideally, a WebAuthn attestation.

Without WebAuthn

A valid GPG signature without WebAuthn attestation earns up to 25 points. This is “maybe human” territory. You’ve proven you hold the private key and control the domain, but there’s no hardware confirmation that a person was physically present.

With WebAuthn

A valid GPG signature plus a WebAuthn attestation can earn up to 50 points, depending on how long the ceremony took.

The idea is that a real human can tap a fingerprint sensor or glance at a face scanner almost instantly, so Sigil measures the time between issuing the challenge and receiving the signed response. A significant delay is suspicious, because it could mean the ceremony is being relayed to a device or person somewhere else rather than completed locally. Timing is only a heuristic, though, so the penalty scales with the delay and reduces rather than eliminates the WebAuthn credit; slow hardware and slow networks exist. In WebAuthn terms, the presence check is the user-presence flag in the signed authenticator data, and the attestation statement identifies the authenticator model; neither proves who the person was, only that someone touched the authenticator that holds the registered key.

Vouch score (up to 25) [WIP]

Each vouch (GPG trust signature) from a high-trust user is worth +10 points, and each negative vouch is -10 points. Multiple vouches stack up to the cap of 25 additional points.

A “high-trust user” is someone who already has a Sigil score of 75 or above. Their vouches carry weight because they’ve already been through the verification process themselves. This creates a natural hierarchy where the network bootstraps its own trust over time.

Trust levels

Based on the total score, Sigil assigns a trust level that’s displayed in the extension:

Score      Level       What it means
75 – 100   Verified    Strong evidence of a real identity behind this domain
50 – 74    Partial     Some verification passed, but gaps remain
25 – 49    Low Trust   Minimal verification. Might be legit, might not be
0 – 24     Unknown     Key exists but almost nothing checks out

Bot scoring

Bots are scored differently. A valid bot-manifest.json with a matching GPG signature gets a flat 100/100 with a “Bot” label, bypassing the layered scoring above. There’s no WebAuthn for bots, since the whole point of the manifest is to declare that no human is directly behind the domain.

See Bot Registration for details.
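The scoring rules on this page (the three layers, the 100-point cap, the GPG-only and WebAuthn variants of the human proof, ±10 vouches from users scoring 75 or above capped at 25, the trust-level bands, and the flat 100 “Bot” path) fit in one small, deterministic function. The following is an added worked example, not Sigil’s own code. The per-layer constants and thresholds are the page’s; the shape of the keyserver scaling (proportional to the number of configured servers found), the WebAuthn timing penalty (full credit up to FAST_MS, then a linear drop until SLOW_MS, floored at the GPG-only baseline so a slow ceremony never scores below a ceremony with no WebAuthn at all), and the Evidence/Vouch input records are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constants from the page.
KEYSERVER_MAX = 25
HUMAN_GPG_ONLY = 25          # valid GPG signature, no WebAuthn
HUMAN_WITH_WEBAUTHN_MAX = 50  # valid GPG signature + fast WebAuthn ceremony
VOUCH_MAX = 25
VOUCH_POINTS = 10
HIGH_TRUST_THRESHOLD = 75     # a voucher must already score this high to count
CONFIGURED_KEYSERVERS = ["keys.openpgp.org"]  # the only server checked today

# ASSUMPTION: timing model for the WebAuthn penalty. Ceremonies that finish
# within FAST_MS get full credit; the penalty grows linearly until SLOW_MS
# and never pushes the layer below the GPG-only baseline.
FAST_MS = 2_000
SLOW_MS = 30_000


@dataclass
class Vouch:
    voucher_score: int        # the voucher's own Sigil score
    positive: bool = True     # False for a negative vouch (-10)


@dataclass
class Evidence:
    """What the verifier managed to check for one domain (assumed record shape)."""
    keyservers_with_key: List[str] = field(default_factory=list)
    gpg_signature_valid: bool = False          # signature over the Sigil challenge
    webauthn_valid: bool = False               # attestation + signed authenticator data verified
    webauthn_elapsed_ms: Optional[int] = None  # challenge issued -> response received
    vouches: List[Vouch] = field(default_factory=list)
    bot_manifest_valid: bool = False           # bot-manifest.json with matching GPG signature


def keyserver_score(ev: Evidence) -> int:
    found = len(set(ev.keyservers_with_key) & set(CONFIGURED_KEYSERVERS))
    return round(KEYSERVER_MAX * found / len(CONFIGURED_KEYSERVERS))


def human_proof_score(ev: Evidence) -> int:
    if not ev.gpg_signature_valid:
        return 0  # WebAuthn on its own says nothing about the domain key
    if not ev.webauthn_valid or ev.webauthn_elapsed_ms is None:
        return HUMAN_GPG_ONLY
    t = ev.webauthn_elapsed_ms
    if t <= FAST_MS:
        return HUMAN_WITH_WEBAUTHN_MAX
    frac = min(1.0, (t - FAST_MS) / (SLOW_MS - FAST_MS))
    penalty = (HUMAN_WITH_WEBAUTHN_MAX - HUMAN_GPG_ONLY) * frac
    return round(HUMAN_WITH_WEBAUTHN_MAX - penalty)


def vouch_score(ev: Evidence) -> int:
    net = 0
    for v in ev.vouches:
        if v.voucher_score < HIGH_TRUST_THRESHOLD:
            continue  # signatures from low-trust users carry no weight
        net += VOUCH_POINTS if v.positive else -VOUCH_POINTS
    return min(net, VOUCH_MAX)  # +25 cap; negative totals pull the domain down


def trust_level(score: int) -> str:
    if score >= 75:
        return "Verified"
    if score >= 50:
        return "Partial"
    if score >= 25:
        return "Low Trust"
    return "Unknown"


def score_domain(ev: Evidence) -> Tuple[int, str]:
    """Deterministic: same Evidence in, same (score, label) out."""
    if ev.bot_manifest_valid:
        return 100, "Bot"  # flat score, no layers, no WebAuthn
    total = keyserver_score(ev) + human_proof_score(ev) + vouch_score(ev)
    total = max(0, min(100, total))  # cap at 100, floor at 0 after negative vouches
    return total, trust_level(total)


if __name__ == "__main__":
    # Constructed sample: key on keys.openpgp.org, good GPG signature,
    # WebAuthn ceremony that took 9 s, three high-trust vouches, one negative.
    sample = Evidence(
        keyservers_with_key=["keys.openpgp.org"],
        gpg_signature_valid=True,
        webauthn_valid=True,
        webauthn_elapsed_ms=9_000,
        vouches=[Vouch(80), Vouch(90), Vouch(76), Vouch(60), Vouch(85, positive=False)],
    )
    print(score_domain(sample))
```

Two things the code makes explicit that the prose leaves implicit: a WebAuthn result without a valid GPG signature contributes nothing, because only the GPG signature ties the ceremony to the domain key, and the layers are summed before the 100 cap is applied, so a domain with a full keyserver, human-proof and vouch layer lands exactly on 100 rather than overshooting.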