Signing signature policies required for safe key usage?
Doug Barton
dougb at dougbarton.us
Thu Mar 10 20:39:35 CET 2011
On 03/10/2011 04:56, Hauke Laging wrote:
> A signature itself does not say much except that the one who created it had
> access to the secret key.
... and whether or not the thing you have (email message, software blob,
etc.) is the same as the thing that was signed by the signer. Beyond
that you're correct in saying that everything else you can infer from
the signature is based on your understanding/confidence/etc. in the
keyholder's security, policy, etc.
Doug
--
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
More information about the Gnupg-users
mailing list