published key security levels

Hauke Laging mailinglisten at
Thu May 13 16:15:07 CEST 2010

On Thursday 13 May 2010 09:16:56, Hagen Fürstenau wrote:
> > The main problem is: How do people recognise your high security key as
> > such? By the comment only?
> Seems like a pretty good use of the comment field to me. Especially
> since it might be hard to agree on generally applicable "security levels".

These two problems are not connected.

I don't think that people will like to write an individual description into
their comment field. Thus a category standard seems necessary to me. This
standard need not be technical; it can be "legal" instead. How big may the
loss be that you are willing to bear due to a forged signature or revealed
confidential information?

0: undetermined (zero)
1: zero
2: low
3: medium
4: high
5: unlimited

Everyone can then determine for himself how he translates this into technical
and organizational requirements. Another possibility is to allow both
statements.


PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814