how to handle "bad" signers?
alphasigmax at gmail.com
Sat Nov 5 15:39:36 CET 2005
-----BEGIN PGP SIGNED MESSAGE-----
David Shaw wrote:
> On Sat, Nov 05, 2005 at 12:30:46PM +0100, Thomas Kuehne wrote:
>>How should 4) be dealt with?
>>As far as I am aware the is no negative signature or any other way to
>>mark those keys - except for local trust settings.
> That is correct. It really has to be this way, for good and for bad.
> Trust is inherently subjective - even the 1-2-3 trust levels are just
> guidelines and there is no way to enforce them beyond asking people
> nicely not to abuse the system.
> Of course, it would be possible to propose a different trust model
> that takes into account such things (a reputation system), but that
> would be a reasonably different beast than the current system. Not
> impossible, but it would take some working out of details. OpenPGP
> currently has no way to make a "negative" signature.
If it did, there would be a corresponding "Web of Antitrust".
Alphax | /"\
Encrypted Email Preferred | \ / ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613 | X Against HTML email & vCards
http://tinyurl.com/cc9up | / \
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Gnupg-users