Trust model - trust level 1 and 2
Jerome Baum
jerome at jeromebaum.com
Thu Aug 11 23:06:28 CEST 2011
> For keys with "high" security requirements the policy should also be signed by
> the ones who signed the key as it would be easy to write and sign a high
> security policy for a compromised low security key.
Hmm I guess my policy has a dual-purpose -- key policy (how secure is
it etc.) and signing policy (how well do I check other keys). The
latter needs only a self-signature, the former is another matter. I
don't think someone else can vouch for the facts about how I store my
key, as they have no way to check -- even if I use a smart-card, how
do they know I didn't generate off-card and keep a backup somewhere?
--
Jerome Baum
Hessenweg 222
48432 Rheine
GERMANY
tel +49-1578-8434336
email jerome at jeromebaum.com
web www.jeromebaum.com
--
Einigkeit und Recht und Modeerscheinung
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
--
http://five.sentenc.es
More information about the Gnupg-users
mailing list