Sun Jun 8 11:34:02 2003
On Saturday 07 June 2003 21:14, Werner Koch wrote:
> On Sat, 7 Jun 2003 12:03:56 +0200, Ingo Kl=F6cker said:
> > Then I hope that you sign those keys only locally (i. e. with gpg
> > --lsign).
> No, it is about whether you trust hime to do a suitable identity
> check. If you don't trust hime, answer "I don't trust". The Web Of
> Trust does not work with a common policy - its all about how you
> trust others to fo the Right Thing.
Well, if Carl only signed those keys with exportable signatures that he=20
has carefully checked and if he signed all other keys with local,=20
non-exportable signatures then I could trust him (to a certain extend),=20
right? So whether I can trust his signatures or not depends very much=20
on his usage or not-usage of local signatures for unverified keys.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
-----END PGP SIGNATURE-----