Robot CA at toehold.com
Thu Dec 5 21:34:01 2002
Content-Type: text/plain; charset=us-ascii
On Thu, Dec 05, 2002 at 11:30:13AM -0600, Kyle Hasselbacher wrote:
> On Thu, Dec 05, 2002 at 11:13:27AM -0500, David Shaw wrote:
> >Note also that OpenPGP defines multiple signature verification
> >levels. I've argued in the past, and continue to argue now that any
> >automated signer should use 0x11 "persona" signatures as a hint that
> >this is an unusual signature.
> I made this an option in the robot's config file. Mine makes normal
> signatures right now only because I couldn't decide on 1 or 2. I agree
> that this would be a good way to flag it as an unusual signature.
2 (0x12) isn't the proper option, as this thread shows:
On Thu, Dec 05, 2002 at 11:43:12AM -0600, Kyle Hasselbacher wrote:
> On Thu, Dec 05, 2002 at 10:54:47AM -0500, Jason Harris wrote:
> >Does anyone else want to see the signatures from this CA be 0x11/persona
> >signatures (besides me)?
> Yes. I didn't do it because I was put off by GnuPG's "I have done no
> verification" description. It does SOME verification, just not a lot.
> Since I'm seeing multiple people suggest this, I'll probably do it this w=
> in the near future.
It has confused others as well...
On Thu, Dec 05, 2002 at 08:03:57PM +0100, Michael Nahrath wrote:
> Kyle Hasselbacher <firstname.lastname@example.org> schrieb am 2002-12-05
> 18:43 Uhr:
> > Since I'm seeing multiple people suggest this, I'll probably do it this=
> > in the near future.
> Rather hurry to set up your policy!
> Signings your bot gives today can't easyly be redone tomorrow.
Indeed, but the "damage" is probably already done. Such signatures
can be revoked, however (as long as the private key remains usable).
Anyway, it will be interesting to see how signatures from this CA affect
future keyanalyze reports. (Anyone want to see the signature lists now?)
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
email@example.com | web: http://jharris.cjb.net/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
-----END PGP SIGNATURE-----