Using root CAs as a trusted 3rd party

Aaron Toponce aaron.toponce at
Sat Jan 21 19:12:15 CET 2012

I just signed an OpenPGP key with cert level 0x12 (casual checking) given
the following scenario:

    * A PGP key was signed by an SSL certificate that was signed by a root
    * I verified that the signature was indeed from that root CA.
    * I striped the signature, and imported the PGP key.
    * I then signed the key, exported, and sent back.

What are your thoughts on using root CAs as a trusted 3rd party for
trusting that a key is owned by whom it claims? Of course, this is merely
for casual checking, but it seems to be "good enough".


. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 519 bytes
Desc: not available
URL: </pipermail/attachments/20120121/62c1a1a6/attachment.pgp>

More information about the Gnupg-users mailing list