Sig classification (was Re: discussion on increasing amount of gpg signatures...)

David Shaw dshaw at jabberwocky.com
Wed Oct 17 02:04:01 CEST 2001


On Tue, Oct 16, 2001 at 04:49:31PM +0100, Matthew Byng-Maddick wrote:
> On Tue, Oct 16, 2001 at 11:06:30AM -0400, Michael Young wrote:
> > To make good use of these additional validity levels, the trust
> > model really should understand them.  For example, I might
> > fully trust type-3 signatures from "John Smith", partially
> > trust his type-2 signatures, and not trust any type-1.
> > But that's for another day... I'm glad to see the first step.
> 
> If you do this, you have to trust that he will choose the correct type of
> signature to sign with.

Yes, and also that he can choose his signature type in the first
place.  All versions of PGP create the generic "I'm not going to say
how much checking I did" form of the signature.

Incidentally, I did confirm that PGP (at least version 6.5.8 and
later) does understand all 4 signature types, even though it can't
generate them.

David

-- 
   David Shaw  |  dshaw at jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 536 bytes
Desc: not available
Url : /pipermail/attachments/20011017/23c7e3b4/attachment.bin


More information about the Gnupg-devel mailing list