Key certification quality

David Shaw
Thu Jun 6 20:29:01 2002

On Thu, Jun 06, 2002 at 03:19:16AM -0700, David Pic=F3n =C1lvarez wrote:
> Hi,
> Now that gnupg allows users to specify the quality of the verification =
of a
> key when they certificate it, will it be possible to use this data in o=
> to calculate trust? I mean, a 3 signature should be more powerful than =
a 2
> signature, shouldn't it?

At some point in the future this may be possible.  Currently, the
number is just there for human use.

When I wrote that feature, I figured that it would take a while before
enough people used it on enough keys to make it worthwhile to talk
about going further.

Possibly it would work something like "I only accept level 2 and above
key certifications from user X, but from user Y, I accept only level
3s".  OpenPGP already has a notion of a "trust signature" which is
more along the lines of what you are saying with more or less
'powerful' signatures.  This would be something much simpler.


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson