moving user ID Comments to --expert mode

Robert J. Hansen rjh at sixdemonbag.org
Fri Feb 4 00:02:56 CET 2011


On 2/3/11 5:47 PM, Daniel Kahn Gillmor wrote:
>> By certifying the full user ID you are also certifying the comment.

This is not how either OpenPGP or GnuPG work.

Certifiers get to define what their certifications mean.  Bang, period,
end of sentence.  There are *no* certification semantics in OpenPGP:
there is only a rich and comprehensive set of syntactic primitives.
It's true that, say, a persona-level signature is different
syntactically than an I-have-done-extensive-checking signature: but
OpenPGP quite wisely says *nothing* about the level of checking which
goes into each signature level.

If you see a certification and you assume you know what the certifier
intends, then you are living in sin.  Ask the certifier for their
policy: that's the only way to know.  Some people will make
certifications willy-nilly ("well, I've traded emails with the guy a few
times...").  Some will make certifications only very carefully.  Some
will make totally unreasonable certifications because they don't know
any better, and some will not make reasonable certifications because
they have an abundance of paranoia.  Unless you ask the certifier, *you
do not, and cannot, know*.

By certifying the full user ID, I am making a statement that is derived
from my own local certification policy.  That's all.  Nothing else.


