discussion on increasing amount of gpg signatures...

David Shaw dshaw@jabberwocky.com
Sun Oct 14 20:08:01 2001



On Sun, Oct 14, 2001 at 10:54:17AM -0700, Len Sassaman wrote:

> On Sun, 14 Oct 2001, David Shaw wrote:
>
> > > Some people have "high-security" signing keys, which they use to sign
> > > keys belonging to people of whose identity they are absolutely positive;
> > > "low security keys" they use to sign online acquaintances' keys; pseudonym
> > > signing keys, etc.
> >
> > Don't forget that OpenPGP lets people put this sort of information
> > into the signature itself. There are 4 levels of classification
> > ranging from "I'm not going to say", to "I checked this extensively".
>
> True; however, that function of OpenPGP isn't all that useful, in my
> opinion. One person's extensively is another person's casually,

Sure, I said this in my email. You snipped that bit :)

> though
> this isn't the biggest drawback. There isn't a way to set a trusted
> introducer that only introduces keys that have been checked "extensively".
> It's an all or nothing decision.

True. I don't see that as an OpenPGP issue so much though. There is
nothing stopping an implementation from taking the signature class into
consideration when calculating trust. You should be able to specify
that you trust a key's signatures only if the sig class is "extensively
checked".

Or do you mean a literal "trust signature", a la the special subpacket?

David

-- 
David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
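
Added example (not part of the original message, and not GnuPG's trust code): a sketch of the class-aware introducer policy discussed above, where an introducer's certifications count only at or above a chosen certification type (0x10 generic through 0x13 positive in RFC 4880). The key IDs, the names and the trimmed colon-format records are constructed, and revocation and expiry are ignored.

```python
# OpenPGP certification signature types (RFC 4880, section 5.2.1).
CERT_LEVELS = {0x10: "generic", 0x11: "persona", 0x12: "casual", 0x13: "positive"}

ALICE, BOB, DAVE = "AAAA000000000001", "BBBB000000000002", "DDDD000000000004"

# Constructed sample in the style of `gpg --with-colons --check-sigs`,
# trimmed to pub and sig records. Field 2 of a sig record is the check
# result ("!" = good), field 5 the issuer key ID, field 11 the signature
# class (two hex digits plus "x" exportable or "l" local).
SAMPLE = f"""\
pub:-:2048:1:{BOB}:1000000000:::-:::scESC:
sig:!::1:{BOB}:1000000000::::Bob <bob@example.org>:13x:
sig:!::1:{ALICE}:1002000000::::Alice <alice@example.org>:13x:
pub:-:2048:1:{DAVE}:1000000000:::-:::scESC:
sig:!::1:{DAVE}:1000000000::::Dave <dave@example.org>:13x:
sig:!::1:{ALICE}:1002000500::::Alice <alice@example.org>:12x:
sig:-::1:{ALICE}:1002000900::::Alice <alice@example.org>:13x:
"""

def parse_certs(colon_text):
    """Yield (target_keyid, issuer_keyid, sig_class) for verified certifications."""
    target = None
    for line in colon_text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            target = f[4]
        elif f[0] == "sig" and target and len(f) > 10 and f[1] == "!":
            cls = int(f[10][:2], 16)
            # Keep third-party certifications only: drop self-signatures and
            # non-certification types such as subkey bindings (0x18).
            if cls in CERT_LEVELS and f[4] != target:
                yield target, f[4], cls

def valid_keys(colon_text, introducers):
    """introducers maps an issuer key ID to the lowest class accepted from it."""
    valid = set()
    for target, issuer, cls in parse_certs(colon_text):
        # 0x14 is above every certification type, so unknown issuers never match.
        if cls >= introducers.get(issuer, 0x14):
            valid.add(target)
    return valid

if __name__ == "__main__":
    print("all-or-nothing:", sorted(valid_keys(SAMPLE, {ALICE: 0x10})))
    print("positive only: ", sorted(valid_keys(SAMPLE, {ALICE: 0x13})))
```

With Alice accepted at any class, both keys become valid; requiring 0x13 leaves only the key she certified as "positive", and her unverified 0x13 record on the second key is not counted.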