key signing
David Shaw
dshaw@jabberwocky.com
Thu Jan 2 15:25:02 2003
On Thu, Jan 02, 2003 at 03:18:12PM +0100, Tuyen DINH wrote:
>
> Hello,
>
> When you want to sign a key you have just imported, in which cases will
> you choose one the following choices :
>
> (0) I will not answer. (default) ?
> (1) I have not checked at all. ?
If you type a question mark (?) when GnuPG asks this question, you
will get a long explanation. That text is:
--------------------------
When you sign a user ID on a key, you should first verify that the key
belongs to the person named in the user ID. It is useful for others
to know how carefully you verified this.
"0" means you make no particular claim as to how carefully you
verified the key.
"1" means you believe the key is owned by the person who claims to own
it but you could not, or did not verify the key at all. This is
useful for a "persona" verification, where you sign the key of a
pseudonymous user.
"2" means you did casual verification of the key. For example, this
could mean that you verified the key fingerprint and checked the
user ID on the key against a photo ID.
"3" means you did extensive verification of the key. For example,
this could mean that you verified the key fingerprint with the
owner of the key in person, and that you checked, by means of a
hard to forge document with a photo ID (such as a passport) that
the name of the key owner matches the name in the user ID on the
key, and finally that you verified (by exchange of email) that the
email address on the key belongs to the key owner.
Note that the examples given above for levels 2 and 3 are *only*
examples. In the end, it is up to you to decide just what "casual"
and "extensive" mean to you when you sign other keys.
If you don't know what the right answer is, answer "0".
-------------------------------------
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson