Sig classification (was Re: discussion on increasing amount of gpg signatures...)

David Shaw dshaw@jabberwocky.com
Wed Oct 17 01:04:01 2001 

--w7PDEPdKQumQfZlR
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Oct 16, 2001 at 04:49:31PM +0100, Matthew Byng-Maddick wrote:

> On Tue, Oct 16, 2001 at 11:06:30AM -0400, Michael Young wrote:

> > To make good use of these additional validity levels, the trust

> > model really should understand them.  For example, I might

> > fully trust type-3 signatures from "John Smith", partially

> > trust his type-2 signatures, and not trust any type-1.

> > But that's for another day... I'm glad to see the first step.

>=20

> If you do this, you have to trust that he will choose the correct type of

> signature to sign with.


Yes, and also that he can choose his signature type in the first
place.  All versions of PGP create the generic "I'm not going to say
how much checking I did" form of the signature.

Incidentally, I did confirm that PGP (at least version 6.5.8 and
later) does understand all 4 signature types, even though it can't
generate them.

David

--=20
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+--------------------------------------------------------------------------=
-+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

--w7PDEPdKQumQfZlR
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iQEVAwUBO8y8YIccwqs8s7QVAQFljwgAgsxVckn5PpFTRrmTRiUpvxUWc5IHwqK2
pdV56GepfHGcy8v8J5Evp9VjAfXB5576WNuoNpAiMwg5RSoR+zlXp4IgJowo15rS
g+dA83VUGpeJWLuxRyX1GlR32eWS3amVlnka21fJ66kOuzHxOpEn0nu7kZbxwGAt
+4nnCRL/cmzBGDnL/ToPbfvzHsuhG2blUIPClirT7ffLysbDWd9pwgVQ2QIbhQg+
2MyvCnFeyDANloGFPigtR+5fWskidWJbvTmvrwLStwwlNfhiUidfTbCQ3fFIlsGY
gC2bY9/wLEeJIx4qBxtfNKW0K5aRuKOaIwsuAP4+pHdflip2deQT1g==
=EKJ1
-----END PGP SIGNATURE-----

--w7PDEPdKQumQfZlR--