no-ask-cert-level, default-cert-level, and keysigning
Bob Proulx
bob at proulx.com
Mon Nov 28 16:45:36 CET 2005
David Shaw wrote:
> Bob Proulx wrote:
> > If a key has been signed with a default-cert-level of 0 is it possible
> > to go back and edit the key signature and increase the level on a key?
> > I could not find a way to do this. The best I could find was to
> > delete the key plus signature and sign it again using a different
> > level. Of course that worked.
>
> That is the only way to do it. The cert level is part of the
> signature, and thus changing it requires issuing a new signature.
Ah... That makes sense. But I did not realize that before.
> > Is this cert level no longer considered useful? Should I not include
> > a cert level with keys I sign now? Or should we always add that
> > option when signing a key? What is the standard proceedure?
>
> It's a matter of personal taste, really. Some people like it, and
> some don't. It doesn't make much difference in practice since (unless
> you're issuing level 1 sigatures, which are ignored by default), all
> signature levels (or 0) are treated the same.
Okay. I was thinking that somehow in the trust model the different
levels were used differently. Such as something like three signatures
of trust level 2 or one signature of trust level 3 were needed to
trust a key, or some such. My memory is vague. Thanks for the update.
Bob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/attachments/20051128/7a33c37f/attachment.pgp
More information about the Gnupg-users
mailing list