Robot CA at toehold.com

Janusz A. Urbanowiz alex@syjon.fantastyka.net
Thu Dec 12 11:50:15 2002


On Wed, Dec 11, 2002 at 07:54:54AM -0500, David Shaw wrote:
> On Sun, Dec 08, 2002 at 06:40:44PM +0100, Janusz A. Urbanowiz wrote:
> > On Tue, Dec 10, 2002 at 03:07:40PM -0000, greg@turnstep.com wrote:
> > > 
> > > I would really like to see all robots and automated scripts kept out 
> > > of the WoT and continue to assume (hope?) that all signatures inside of the 
> > > web were performed correctly by actual people. Barring that, I'd like to 
> > > have an option to the various WoT trace programs that allow certain keys 
> > > to be excluded. This sounds easier than trying to account for 
> > > signature levels, which are not reliable anyway, as many have pointed 
> > > out.
> > 
> > In GPG you can set the key owner to 'I do not trust signatures by this key'.
> > I don't know if it works as expected (i.e. negative weight on signature).
> 
> Not negative, just zero.  It can't be negative, or signatures by this
> key will cause otherwise trusted keys (from good paths) to be
> untrusted.  Better to make the untrusted key have no effect at all.
> 
> "Don't know", "Don't trust", and unset are all treated as zero trust.

I was thinking of situation when the key is identified to deliberately make
false signatures (on keys with bogus IDs).

Alex