phrase "UNTRUSTED good signature" is dangerously misleading

Hauke Laging mailinglisten at
Sat Jul 13 19:01:32 CEST 2013

On Sat 13.07.2013, 12:36:03, Daniel Kahn Gillmor wrote:

> i've seen this exact same mistake made by at least two other people who
> were well-intentioned and somewhat knowledgeable.

I believe the wording is a problem; I may have mentioned that here before. The
term "trust" confuses more or less everyone (once I even found a mix-up in the
GnuPG docs...). It should simply be forbidden to use the term "trust" at all.
"owner trust" is not better as this is not about the owner but about the key.

I suggest calling this either "certification trust" or (getting rid of "trust"
completely) "certification value", "certification quality" or the like.

I would also prefer not to use "marginal" and "complete" in both contexts. 
Maybe validity classes can be called "none", "not enough", and "enough".

Crypto for everyone:
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5