Key certification quality
David Shaw
dshaw@jabberwocky.com
Thu Jun 6 20:29:01 2002
On Thu, Jun 06, 2002 at 03:19:16AM -0700, David Pic=F3n =C1lvarez wrote:
>=20
> Hi,
>=20
> Now that gnupg allows users to specify the quality of the verification =
of a
> key when they certificate it, will it be possible to use this data in o=
rder
> to calculate trust? I mean, a 3 signature should be more powerful than =
a 2
> signature, shouldn't it?
At some point in the future this may be possible. Currently, the
number is just there for human use.
When I wrote that feature, I figured that it would take a while before
enough people used it on enough keys to make it worthwhile to talk
about going further.
Possibly it would work something like "I only accept level 2 and above
key certifications from user X, but from user Y, I accept only level
3s". OpenPGP already has a notion of a "trust signature" which is
more along the lines of what you are saying with more or less
'powerful' signatures. This would be something much simpler.
David
--=20
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.co=
m/
+------------------------------------------------------------------------=
---+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson