Robot CA at toehold.com
Janusz A. Urbanowiz
Thu Dec 12 11:50:15 2002
On Wed, Dec 11, 2002 at 07:54:54AM -0500, David Shaw wrote:
> On Sun, Dec 08, 2002 at 06:40:44PM +0100, Janusz A. Urbanowiz wrote:
> > On Tue, Dec 10, 2002 at 03:07:40PM -0000, email@example.com wrote:
> > >
> > > I would really like to see all robots and automated scripts kept out
> > > of the WoT and continue to assume (hope?) that all signatures inside of the
> > > web were performed correctly by actual people. Barring that, I'd like to
> > > have an option to the various WoT trace programs that allow certain keys
> > > to be excluded. This sounds easier than trying to account for
> > > signature levels, which are not reliable anyway, as many have pointed
> > > out.
> > In GPG you can set the key owner to 'I do not trust signatures by this key'.
> > I don't know if it works as expected (i.e. negative weight on signature).
> Not negative, just zero. It can't be negative, or signatures by this
> key will cause otherwise trusted keys (from good paths) to be
> untrusted. Better to make the untrusted key have no effect at all.
> "Don't know", "Don't trust", and unset are all treated as zero trust.
I was thinking of situation when the key is identified to deliberately make
false signatures (on keys with bogus IDs).