discussion on increasing amount of gpg signatures...
Len Sassaman
rabbi@quickie.net
Sat Oct 13 05:24:01 2001
On Fri, 12 Oct 2001, Ben Paul Wise wrote:
> Johan et al:
>
> The "web of trust" is not meant to determine honesty, reliability,
> discretion, etc. It is meant to be a web of certifications that the keys
> are actually in use by those who appear to be using them.

And furthermore, this varies by degrees as well.

Some people have "high-security" signing keys, which they use to sign
keys belonging to people of whose identity they are absolutely positive; "low
security keys" they use to sign online acquaintances' keys; pseudonym
signing keys, etc.

As a user of the Web of Trust, you need to take into consideration the
signing policies of a given key before you would trust it as an introducer
of trust yourself.

(A side note -- there is a useful feature in OpenPGP that allows you to
add a pointer to the CPS, or signing policy for a given key, into the
signature being made. Use --set-policy-url to do this.)

--Len.
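
An added example, not part of the original message: one way to read the policy pointer mentioned in the side note back out of a certification, by walking the hashed subpacket area of a version 4 signature packet body as laid out in RFC 4880 (subpacket type 26, Policy URI). The function names and the sample bytes are constructed for illustration.

```python
import struct

POLICY_URI = 26  # signature subpacket type "Policy URI" (RFC 4880, 5.2.3.20)

def iter_subpackets(area):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # five-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated subpacket")
        # High bit of the type octet is the "critical" flag.
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length

def hashed_policy_uris(sig_body):
    """Policy URIs from the hashed (signed) area of a v4 signature body."""
    # The unhashed area is not covered by the signature, so it is ignored.
    if len(sig_body) < 6 or sig_body[0] != 4:
        raise ValueError("not a version 4 signature packet body")
    (hashed_len,) = struct.unpack(">H", sig_body[4:6])
    if 6 + hashed_len > len(sig_body):
        raise ValueError("truncated hashed subpacket area")
    return [body.decode("utf-8", "replace")
            for kind, _critical, body in iter_subpackets(sig_body[6:6 + hashed_len])
            if kind == POLICY_URI]

def _sub(kind, body):
    """Build a constructed subpacket (short bodies only)."""
    return bytes([len(body) + 1, kind]) + body

# Constructed sample: header and both subpacket areas of a certification
# signature (type 0x13); the trailing hash prefix and MPIs are left out.
_hashed = _sub(2, struct.pack(">I", 1002950641)) + \
          _sub(POLICY_URI, b"https://example.org/signing-policy.txt")
_unhashed = _sub(16, bytes(8)) + _sub(POLICY_URI, b"https://example.net/unsigned")
SAMPLE_SIG = (bytes([4, 0x13, 17, 2]) + struct.pack(">H", len(_hashed)) + _hashed
              + struct.pack(">H", len(_unhashed)) + _unhashed)
```

Calling `hashed_policy_uris(SAMPLE_SIG)` returns only the URI from the hashed area; the one placed in the unhashed area is skipped because the signature does not cover it.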