Signing a Key

David Shaw dshaw at jabberwocky.com
Sat Feb 5 20:23:53 CET 2005


On Sat, Feb 05, 2005 at 12:28:34PM -0500, Jason Harris wrote:
> On Fri, Feb 04, 2005 at 08:46:05PM -0500, David Shaw wrote:
> > On Fri, Feb 04, 2005 at 06:51:31PM -0500, Jason Harris wrote:
> 
> > 0x11 signatures are also interesting things.  When made by people (as
> > opposed to robots) they are in effect someone making a public
> > statement to say "Hey, look, I made a lousy signature".  I can't
> > imagine why someone would choose to advertise far and wide how
> > terrible their signing policy is, but GnuPG allows people to do stupid
> > things if they really want to.
> 
> You (continue to) assume _all_ humans who issue 0x11 signatures do so
> without employing encrypted challenges?

Sigh.

As I keep saying: if you want to issue 0x11 signatures, go ahead.
Nobody is stopping you.  If you want to accept 0x11 signatures, go
ahead.  Nobody is stopping you.

Where's the problem?  You don't like the defaults?  Change them.

> Even ignoring 0x11 signatures, a 0x12 signature from a given issuer
> implies less trust (due to less checking) than a 0x13 signature from
> the same issuer.  What is the point in (any OpenPGP program) throwing
> this extra data away (by ignoring it in trust calculations)?

If a user only wants to accept 0x13 signatures, that is their decision
to make, via --min-cert-level 3.  The default behavior in GnuPG is to
accept both 0x12 and 0x13 (and 0x10, of course).

David
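
The filtering rule described in the message above, as an added example that is not part of the original post or of GnuPG's code: it reads `sig` records in the colon-delimited listing format (signature class in field 11) and keeps the certifications that meet a minimum level. The sample records, key IDs and function names are constructed for illustration, and the code models only the level filter, not signature verification or trust calculation.

```python
# Added example: model of the --min-cert-level rule over colon-format
# "sig" records. All records below are constructed, not real keys.

SAMPLE = """\
sig:::17:1111111111111111:1107561600::::Alice (constructed):10x:
sig:::17:2222222222222222:1107561600::::Robot CA (constructed):11x:
sig:::17:3333333333333333:1107561600::::Bob (constructed):12x:
sig:::17:4444444444444444:1107561600::::Carol (constructed):13x:
rev:::17:4444444444444444:1107648000::::Carol (constructed):30x:
"""


def cert_level(sig_class):
    """Map a class string such as '13x' to a level 0-3.

    Returns None for classes outside the 0x10-0x13 certification range.
    """
    value = int(sig_class[:2], 16)
    return value - 0x10 if 0x10 <= value <= 0x13 else None


def accepted(colon_output, min_cert_level=2):
    """Return (key ID, level) for certifications that pass the filter.

    Level 0 (0x10) is always accepted. The default of 2 reproduces the
    behaviour stated in the message: 0x12 and 0x13 (and 0x10) pass,
    0x11 does not.
    """
    keep = []
    for line in colon_output.splitlines():
        fields = line.split(":")
        if fields[0] != "sig" or len(fields) < 11:
            continue  # only certification records are considered here
        level = cert_level(fields[10])
        if level is None:
            continue
        if level == 0 or level >= min_cert_level:
            keep.append((fields[4], level))
    return keep


if __name__ == "__main__":
    for minimum in (1, 2, 3):
        print(minimum, accepted(SAMPLE, minimum))
```
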


