How trust works in gpg...
Faramir
faramir.cl at gmail.com
Mon May 5 15:19:03 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> Sven Radde escribió:
> Faramir schrieb:
>> I was reading again this message, and I'd like to know: is there any
>> point about signing a key _but not giving any trusted status_ ?
> Yes.
> Signing the key makes it valid for you (i.e. you believe that the
person indicated in the key's User-IDs is the person who actually has
control over the secret key).
> Assigning trust to a key means that you believe that the person owning
the secret key is careful before he/she signs other people's keys (i.e.
you consider other keys valid if they are signed by that person without
checking the UID yourself).
>
> It can very well be the case that you are sure that a key is valid but
you do not trust the owner to make this kind of assertion about other keys.
> Think of a long time friend whose key you have gotten during a personal
meeting but about who you know that he doesn't understand the GnuPG
trust concept at all. You can obviously sign his key, but you wouldn't
trust any signatures on other people's keys by him.
>
> HTH, Sven
I got the idea now, thanks. But I still have one more question: there
are also some levels of how much valid is the key I am signing... or at
least, some levels about how carefully I have checked the key is valid,
so, what is the requisite for each level? I am using an email address
that clearly doesn't show my real name, and my key's User ID also
doesn't give any personal detail about me, but somebody can trust it is
"me" the one that is writing this message, and also can trust I am not
impersonating someone else, so would it be ok if that person sign my key
as 100% valid? What I am really asking about, is what is the "standard"
way to chose what level to use when signing a key, and if is "normal" to
sign the key of other people in this list.
Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEcBAEBAgAGBQJIHwlHAAoJEIISGkVDGUEOBxwH/3RcQDhxypVtk6Lfjhc1PGqk
rwFxomfqjFTGiyLH3v0DoqUZK9H7ftV/S/eIj6LiLV44W2LsNjQYnwbRitlah4zX
WLL9LxjpI56gcOMviCsRU3RKyV0XVvOFq2D7ROax3AEj+2479yrESGF3IQesEIiE
Ufiz2yBBM50wrgTsYWq4MMm439kZ7eDmX4f7fhHPoa9yyvohirJKcQ+1fxnA34zS
06zAU93shk54KtzX27BoX72MHT6UfWvLPGcUvPe+hVPtefFj2nHNL2PS+UiSXbZ6
suzYKLUpvIuwlPniQrHxlfkNegzzclLdjtTN1eZub02AKIxg/6DXnfBpLIsg0K0=
=tf2h
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list