Revoke signature from key

Grant Olson kgo at grant-olson.net
Mon Mar 21 22:41:33 CET 2011


On 03/21/2011 05:17 PM, Daniel Kahn Gillmor wrote:
> On 03/21/2011 04:51 PM, Grant Olson wrote:
>>
>> But that doesn't provide any easy way for me to only trust your
>> identity+metadata certifications, if, for example, I trust you to sign
>> in your role for a company, but don't trust or care about your
>> personally-issued sigs.
> 
> You are free to disregard any of my certifications you like.  It would
> not be unreasonable of you to say "i will disregard all certifications
> by dkg that lack a department at example.com notation." if that's what
> you're trying to do.
> 
>> Instead of signing your key, I need to manually
>> inspect any and all keys that may have your signature.
> 
> Why is this a manual process?  You would not be inspecting the keys --
> you'd be inspecting my signatures, which you have to do anyway (at least
> in order to cryptographically verify them).
> 

It's manual because now I can't just sign your key, let the WoT and gpg
do its job, and get on with my life.  I need to manually run
--list-sigs on any new keys.

Regarding your other points, I don't have any semantic problems with
what you're proposing, I just don't think it's a workable solution
today.  It seems like we're in agreement on that.

-- 
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"



More information about the Gnupg-users mailing list