no-ask-cert-level, default-cert-level, and keysigning

Bob Proulx bob at
Mon Nov 28 16:45:36 CET 2005

David Shaw wrote:
> Bob Proulx wrote:
> > If a key has been signed with a default-cert-level of 0 is it possible
> > to go back and edit the key signature and increase the level on a key?
> > I could not find a way to do this.  The best I could find was to
> > delete the key plus signature and sign it again using a different
> > level.  Of course that worked.
> That is the only way to do it.  The cert level is part of the
> signature, and thus changing it requires issuing a new signature.

Ah...  That makes sense.  But I did not realize that before.

> > Is this cert level no longer considered useful?  Should I not include
> > a cert level with keys I sign now?  Or should we always add that
> > option when signing a key?  What is the standard proceedure?
> It's a matter of personal taste, really.  Some people like it, and
> some don't.  It doesn't make much difference in practice since (unless
> you're issuing level 1 sigatures, which are ignored by default), all
> signature levels (or 0) are treated the same.

Okay.  I was thinking that somehow in the trust model the different
levels were used differently.  Such as something like three signatures
of trust level 2 or one signature of trust level 3 were needed to
trust a key, or some such.  My memory is vague.  Thanks for the update.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/attachments/20051128/7a33c37f/attachment.pgp

More information about the Gnupg-users mailing list