Why CAs or public keysigning?
CL Gilbert
Lamont_Gilbert@RigidSoftware.com
Fri Jun 20 20:30:05 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David Shaw wrote:
| On Fri, Jun 20, 2003 at 10:19:24AM -0400, CL Gilbert wrote:
|
|
|>0 - I refuse to answer???
|>1 - I have not checked??
|>2 - I have done casual checking
|>3 - I have checked
|>
|>It seems to me the only meaningful option is 3. Any other option is
|>rather silly. Why even sign the key if your choice is not 3?
|
|
| That is, of course, your choice. The idea of sig levels is to allow a
| signer to express the difference between (for example), checking a
| passport, and checking a passport plus verifying the email address.
| They are both "checking", but one is certainly more casual than the
| other.
|
| If you always check in the same single way, and will not sign unless
| that exact requirement is met, then signature levels don't help you
| much.
|
| When I sign, for example, I check a photo ID and send an email address
| challenge. If that is met, I give a level 2. If I know the person
| personally, I'll give a level 3. It's completely subjective, and my
| level 2 is likely to be different than someone else's level 2.
|
| David
I can think of no good reason to sign someone's key that I do not know
personally or professionally. The number does not seem relevant.
Anything less than absolute security is absolute insecurity.
- --
Thank you,
CL Gilbert
Free Java interface to Freechess.org
http://www.rigidsoftware.com/Chess/chess.html
"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard." Ecclesiastes 9:16
GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD 19AE 55B2 4CD7 80D2 0A2D
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE+81JVVbJM14DSCi0RAhpkAJ0WBiNumQ8oPn1t/kIMdAW76ZVuYACcCOB6
bYtXoDoouLkSfON31bNtZes=
=DF8n
-----END PGP SIGNATURE-----