SIG level (was: Why CAs or public keysigning?)

Eugene Smiley eugene@esmiley.net
Fri Jun 20 17:46:02 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CL Gilbert wrote:
>> sig!3       7343C1E3 2002-03-26   [self-signature]
>>
>> On Thursday, June 19, 2003, at 01:05 PM, CL Gilbert wrote:
>>> Where does this information show up? I have keys in my local
>>> keyring that I assume are signed, but I never saw any number on
>>> them anywhere!?
>>
> Interesting.  It seems rather silly.
>
> 0 - I refuse to answer???
> 1 - I have not checked??
> 2 - I have done casual checking
> 3 - I have checked
>
> It seems to me the only meaningful option is 3.  Any other option
> is rather silly.  Why even sign the key if your choice is not 3?

Encryption has three primary uses: Authentication, Privacy, and
Integrity. If I simply want to create an envelope for my
communications (Privacy), but I am not worried about Authentication
and Integrity, I can do this without it being necessary to check
everyone's identity strictly. I would set --default-cert-level in
gpg.conf to 0 or 1.

There are mail client projects that are in the works in this vein.
I can't remember which ones, though.

It is related to each individual's perceived threat model. Some
people don't have the need for the formal methods. But, as it has
been pointed out, the sig level is a bit too subjective to be of
much value. Yet.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32) - GPGrelay v0.92

iD8DBQE+8yx86QPtAqft/S8RAg/YAKCQ0v0dNvV6F4iXSDLI8qc6j8tE6ACdEwQR
BlHggzIkppZnRkI3i0TMYbY=
=pNqD
-----END PGP SIGNATURE-----
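Added example, not part of the original message: a small parser that reads signature listing lines in the `sig!3 7343C1E3 2002-03-26 [self-signature]` layout quoted in the thread and reports which third-party certifications fall below a chosen level. The column layout, the treatment of a missing digit as level 0, the function names and the sample listing are assumptions constructed for illustration.

```python
import re

# Level meanings as given in the quoted list in the thread (0-3).
LEVELS = {0: "no answer", 1: "not checked", 2: "casual checking", 3: "checked"}

# Assumed layout: "sig", one check-result character ("!" good, "-" bad,
# "%" error, blank when not checked), one level character ("1"-"3", blank
# taken as level 0), then signer key ID, date and signer name.
SIG_RE = re.compile(
    r"^sig(?P<flag>[!%\- ])(?P<level>[1-3 ])[^\n]*?[ \t]"
    r"(?P<keyid>[0-9A-F]{8,16})[ \t]+(?P<date>\d{4}-\d{2}-\d{2})[ \t]+(?P<who>.*)$",
    re.M,
)

# Constructed sample listing; only the first sig line comes from the thread.
SAMPLE = """\
pub  1024D/7343C1E3 2002-03-26 Constructed User <user@example.org>
sig!3       7343C1E3 2002-03-26   [self-signature]
sig!        AAAA1111 2003-01-05   Constructed Signer One
sig!1       BBBB2222 2003-02-10   Constructed Signer Two
sig!2       CCCC3333 2003-03-15   Constructed Signer Three
sig-3       DDDD4444 2003-04-01   Constructed Signer Four
"""

def parse_sigs(listing):
    """Return one dict per sig line: key ID, date, signer, check result, level."""
    sigs = []
    for m in SIG_RE.finditer(listing):
        level = int(m["level"]) if m["level"].strip() else 0
        sigs.append({
            "keyid": m["keyid"], "date": m["date"], "who": m["who"].strip(),
            "verified": m["flag"] == "!", "level": level,
            "meaning": LEVELS[level],
        })
    return sigs

def weak_certs(listing, min_level=2):
    """Key IDs of third-party signatures that failed the check or claim a
    certification level below min_level; self-signatures are skipped."""
    return [s["keyid"] for s in parse_sigs(listing)
            if s["who"] != "[self-signature]"
            and (not s["verified"] or s["level"] < min_level)]

if __name__ == "__main__":
    for s in parse_sigs(SAMPLE):
        print(s["keyid"], s["level"], s["meaning"], "ok" if s["verified"] else "NOT verified")
    print("below level 2 or unverified:", weak_certs(SAMPLE))
```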