SIG level (was: Why CAs or public keysigning?)

David Shaw dshaw@jabberwocky.com
Fri Jun 20 18:23:02 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, Jun 20, 2003 at 11:46:53AM -0400, Eugene Smiley wrote:

> It is related to each individuals perceived threat model. Some
> people don't have the need for the formal methods. But, as it has
> been pointed out, the sig level is a bit too subjective to be of
> much value. Yet.

This is a misunderstanding of signature levels.  The whole point of
them is that they are completely and utterly subjective.  By design,
they cannot be anything but subjective.  Similarly, their value lies
in them being subjective, as if they were not, they could be fairly
easily abused.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iD8DBQE+8zUh4mZch0nhy8kRAh6RAJwM+NW/Ckamr9EhNFx8fpn86toHJACg0qU0
fOVtomPgaLfH1pPROatUT8M=
=y/hd
-----END PGP SIGNATURE-----