Suspect Signatures

Robert J. Hansen rjh at sixdemonbag.org
Wed Sep 24 04:33:12 CEST 2008


David Newman wrote:
> I guess I don't understand how the WoT will be able to figure out
> that he is untrustworthy if there is no way to mark a signature
> as untrustworthy.  It seems there should be a way to sign signatures
> as good or bad.

A lot of people disagree with me on this, but so far nobody's been able
to come up with a compelling logical argument why I'm wrong -- the
objections are rooted much more in what people _want_ to be true than
what's actually true.

This is true: only correct signatures from valid keys belonging to
trusted individuals are meaningful.  Everything else is just line noise.

So why should you care if there are signatures on your key from people
you don't know or don't trust?  It's not as if you trust this person.
And if other people want to trust that person, is it really any of your
business to say "no, no, you're wrong, this person can't be trusted"?




More information about the Gnupg-users mailing list