Signing signature policies required for safe key usage?

Doug Barton dougb at
Thu Mar 10 20:39:35 CET 2011

On 03/10/2011 04:56, Hauke Laging wrote:
> A signature itself does not say much except that the one who created it had
> access to the secret key.

... and whether or not the thing you have (email message, software blob, 
etc.) is the same as the thing that was signed by the signer. Beyond 
that you're correct in saying that everything else you can infer from 
the signature is based on your understanding/confidence/etc. in the 
keyholder's security, policy, etc.



	Nothin' ever doesn't change, but nothin' changes much.
			-- OK Go

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price.  :)

More information about the Gnupg-users mailing list