UI terminology for calculated validities
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Apr 23 15:24:45 CEST 2014
On 04/23/2014 05:23 AM, Peter Lebbing wrote:
> On 23/04/14 00:56, Robert J. Hansen wrote:
>> I can see it, actually.
>
> Yes, after dkg's last message yesterday I also realised I had overlooked that
> scenario. I think it can be generalised as "different roles", as even the
> verification effort / signing policy can be different. Your boss might expect
> you to sign certain keys with your work key while you are much more stringent
> with your personal key.
or vice versa, actually. You might think someone is personally inclined
towards sloppiness, but will obey the rules of an organization they're
part of, and that organization might have stricter criteria for making
certifications with keys associated with the org.
> But I don't see why we need to drop the term ownertrust for that. Sometimes you
> need to pick a descriptive identifier for something and then define what it
> exactly means; it happens all the time in science.
I agree with this; also, the reason that your willingness to rely on one
key or the other are associated with who you think really "owns" the
key. even if an individual holds both keys, if the organization can
exert control over the use of one of them, there's a sense in which the
"ownership" of that key is different.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140423/00ec1711/attachment.sig>
More information about the Gnupg-users
mailing list