Signing a Key

Atom Smasher atom at
Sat Feb 5 20:31:23 CET 2005


On Sat, 5 Feb 2005, Jason Harris wrote:

> Even ignoring 0x11 signatures, a 0x12 signature from a given issuer 
> implies less trust (due to less checking) than a 0x13 signature from the 
> same issuer.  What is the point in (any OpenPGP program) throwing this 
> extra data away (by ignoring it in trust calculations)?

i don't know about anyone else, but i reserve 0x13 sigs for people i 
*know*, usually for some length of time.

if i meet someone at a keysigning party and they show me some 
identification with a picture that looks like them, that earns a 0x12 from 
me. i have no idea who they *really* are, but they have gone through the 
trouble of showing me some identification that looks like them. OTOH if my 
brother, or someone who i've known personally for several years wants me 
to sign their key, they're more likely to _earn_ a 0x13 sig from me.

to me, that fits the definition of "casual" and "extensive" verification. 
if i board a plane and they look at my identification, i wouldn't call 
that an "extensive" check.

of course, the system does encourage people to do what makes sense for 
them. there isn't necessarily a wrong way to issue sigs... as long as 
there's a defensible reasoning for it, everyone can choose for themselves 
how to define "casual" and "extensive".

-- 

  PGP key -
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808

 	"A good many observers have remarked that if
 	 equality could come at once the Negro would
 	 not be ready for it. I submit that the
 	 white American is even more unprepared."
 		-- Martin Luther King, Jr.
