David Shaw
Tue Dec 10 04:08:02 2002

On Tue, Dec 10, 2002 at 03:02:04AM -0000, David Pic=F3n =C1lvarez wrote:
> Hi,
> Is it any use to specify trust for a non-valid (i.e. a key I haven't si=
> and no one I know has signed) key?

No harm, but no benefit either.  The trust value will be ignored on an
invalid key.

> This way I could just say I trust, let's say, WK to sign keys competent=
ly. I
> understand that it seems to make little sense to assert I trust him and=
> the same time I don't know for sure his key is his. The difference is t=
> following: if I decide to take the risk and assume his key is his and t=
> trust his signatures, that's only my problem. If I would sign his key,
> that's no longer only my problem, but also the problem of those who may
> trust me. So, does assigning trust to an invalid key have any effect?

I think what you are looking for is a local signature ("lsign" in the
--edit-key menu, or --lsign-key on the command line).  This is a
signature just like any other signature except that it is local to
your keyring only.  Use lsign instead of sign and you solve the exact
problem you describe.


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson