Re; Sig classification (was Re: discussion on increasing amount of gpg signatures...)

Tue Oct 16 18:09:02 CEST 2001

-----BEGIN PGP SIGNED MESSAGE-----

> Before you sign, GnuPG will prompt you for which level of
> certification you want to use.  Answer "?" for an explanation of the
> different levels.

Excellent!  A couple of months ago, I built a command-line switch
to do this, but didn't get around to posting it.  (When I looked
back through the mailing list archives, it appeared that signature
types were an unpopular idea at some past OpenPGP meetings.)

How would you feel about adding a command-line option?  As it
stands, batch operations get a "generic" signature.  I used
"--sig-type" in my patch.  I could recreate it against yours
if you're interested.

To make good use of these additional validity levels, the trust
model really should understand them.  For example, I might
fully trust type-3 signatures from "John Smith", partially
trust his type-2 signatures, and not trust any type-1.
But that's for another day... I'm glad to see the first step.