locally signed keys are not necessarily fully trusted any more

Neil Williams linux at codehelp.co.uk
Mon Dec 20 12:00:06 CET 2004

On Friday 17 December 2004 3:02 pm, Ingo Buescher wrote:
> Hi,
> after I switched from gnupg-1.2.6 to gnupg-1.4.0 I noticed a peculiar
> problem concerning the validity of some of the keys in my keyring -
> although I signed all of them locally some are not regarded "fully"
> trusted any more.
> gallatin at nathan:~/.gnupg $ gpg --list-sig netfilter
> pub   1024D/CA9A8D5B 2001-09-15 [expires: 2006-09-14]
> uid       [ unknown] Netfilter Core Team <coreteam at netfilter.org>
> sig 3        CA9A8D5B 2001-09-15 never       Netfilter Core Team

sig 3: indicating very careful checking prior to signature.

> <coreteam at netfilter.org>
> sig          470DB964 2001-12-18 never       [User ID not found]
> sig 1 L      DF00C939 2004-06-08 2006-09-14  Ingo Buescher

sig 1: indicating casual checking.

Is GnuPG taking that into account?

Are the other locally signed keys sig 3?

> other keys I signed locally are just fine and no - those are not
> signed by a trusted third party either.
> I can repair the problem if I remove my local signature from those keys
> and use "lsign" again. Am I making a stupid mistake here?

At what LEVEL are you re-signing? 


Neil Williams

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20041220/5b795436/attachment-0001.bin

More information about the Gnupg-users mailing list