no-ask-cert-level, default-cert-level, and keysigning

Bob Proulx bob at
Mon Nov 28 02:04:56 CET 2005

I recently signed a key using gpg-1.4.1 and see that (at least on my
Debian Sarge system) no-ask-cert-level apears to be the default
default-cert-level is "0 (no particular claim)".

In the old days I remember it would always ask this question upon
signing and so assume the default must have been ask-cert-level.  Now
it does not ask and unless you add that option ahead of time it will
create a signature without any claim.  I have been out of touch and
thought I would ask about the current status of these levels in a
signed key.  I would appreciate the education.

If a key has been signed with a default-cert-level of 0 is it possible
to go back and edit the key signature and increase the level on a key?
I could not find a way to do this.  The best I could find was to
delete the key plus signature and sign it again using a different
level.  Of course that worked.

Is this cert level no longer considered useful?  Should I not include
a cert level with keys I sign now?  Or should we always add that
option when signing a key?  What is the standard proceedure?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/attachments/20051127/5d24faf1/attachment.pgp

More information about the Gnupg-users mailing list