Robot CA at toehold.com

David Shaw dshaw@jabberwocky.com
Wed Dec 11 13:54:02 2002


On Sun, Dec 08, 2002 at 06:40:44PM +0100, Janusz A. Urbanowiz wrote:
> On Tue, Dec 10, 2002 at 03:07:40PM -0000, greg@turnstep.com wrote:
> > 
> > I would really like to see all robots and automated scripts kept out 
> > of the WoT and continue to assume (hope?) that all signatures inside of the 
> > web were performed correctly by actual people. Barring that, I'd like to 
> > have an option to the various WoT trace programs that allow certain keys 
> > to be excluded. This sounds easier than trying to account for 
> > signature levels, which are not reliable anyway, as many have pointed 
> > out.
> 
> In GPG you can set the key owner to 'I do not trust signatures by this key'.
> I don't know if it works as expected (i.e. negative weight on signature).

Not negative, just zero.  It can't be negative, or signatures by this
key will cause otherwise trusted keys (from good paths) to be
untrusted.  Better to make the untrusted key have no effect at all.

"Don't know", "Don't trust", and unset are all treated as zero trust.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson