UI terminology for calculated validities

MFPA 2014-667rhzu3dc-lists-groups at riseup.net
Sat Apr 26 13:03:14 CEST 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
NotDashEscaped: You need GnuPG to verify this message

Hi


On Friday 25 April 2014 at 5:38:15 AM, in
<mid:1619717.pObFgkP320 at inno>, Hauke Laging wrote:



> a) You always want to use fingerprints instead.

Fair enough.



> b) You do not need any reference to a key anyway
> because it is  absolutely clear which keys this
> statement refers to if one key signs  another.

I take your point, but would prefer such a fundamental statement about
shared genesis of multiple keys to reference those keys directly.
After all, as well as claiming "this other key is also mine"
(corroborated by cross-signing), you would also be indicating your
intention that your set of keys should be treated as one key for the
purpose of trust calculations. It needs to be as deliberate and
explicit as reasonably possible, with room for error minimised.



> c) I would like to handle that with an generic
> notation. I see a strong need for an expression about
> the relation of the signer to the owner of the signed
> key. It makes a big difference whether I say "This is
> some  foreigner which has shown me some ID (see
> separate notation for  details)" or "This is my
> sister".

I can see the point of differentiating between a certification on the
key of somebody you actually know and on the key of somebody you don't
know but checked id. But I agree with DKG that "This is my
sister/neighbour/work-colleague/friend-since-childhood" etc is too
much information that could backfire on people.


--
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

There is no snooze button for a cat that wants breakfast
-----BEGIN PGP SIGNATURE-----

iPQEAQEKAF4FAlNbkn9XFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0
N0VDQTAzAAoJEKipC46tDG5p3nYD/1EZP3ffXzw0XbvzCn4JGa0yd/AUTBdHALl1
AfsdQliUE0hbwwny2K1pWW24OZb+YmmQHfMsq6qpvjRC/0z3yagB4Kq/iPIdrTD/
ATANuX9Ej91IjU1dWEgN9U6PYmTZ4wFY0YFEFmGD50i1uiEKZUp7aH29qghZYHLK
jh0CAOWw
=oeGc
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list