trust your corporation for keyowner identification?
Paul R. Ramer
free10pro at gmail.com
Wed Nov 6 02:32:38 CET 2013
>On Tuesday 5 November 2013 at 11:03:19 PM, in
><mid:52797937.5090404 at gmail.com>, Paul R. Ramer wrote:
>
>> But if you sign it with an exportable
>> signature, you are saying to others that you have
>> verified the key.
>
>In the absence of a published keysigning policy, isn't that an
>assumption?
Signing is to be an attestation to the validity of the key. But, yes, in absence of a keysigning policy (or in some other way of knowing how that person signs keys) it is just an assumption as to what that signature means.
I would not assume what the value of a signature is without knowing how that person signs keys, and I would still need to believe that person's methods are acceptable to me.
Cheers,
--Paul
--
PGP: 3DB6D884
More information about the Gnupg-users
mailing list