trust
David Shaw
dshaw@jabberwocky.com
Tue Dec 10 04:08:02 2002
On Tue, Dec 10, 2002 at 03:02:04AM -0000, David Pic=F3n =C1lvarez wrote:
> Hi,
>=20
> Is it any use to specify trust for a non-valid (i.e. a key I haven't si=
gned
> and no one I know has signed) key?
No harm, but no benefit either. The trust value will be ignored on an
invalid key.
> This way I could just say I trust, let's say, WK to sign keys competent=
ly. I
> understand that it seems to make little sense to assert I trust him and=
at
> the same time I don't know for sure his key is his. The difference is t=
he
> following: if I decide to take the risk and assume his key is his and t=
hus
> trust his signatures, that's only my problem. If I would sign his key,
> that's no longer only my problem, but also the problem of those who may
> trust me. So, does assigning trust to an invalid key have any effect?
I think what you are looking for is a local signature ("lsign" in the
--edit-key menu, or --lsign-key on the command line). This is a
signature just like any other signature except that it is local to
your keyring only. Use lsign instead of sign and you solve the exact
problem you describe.
David
--=20
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.co=
m/
+------------------------------------------------------------------------=
---+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson