UI terminology for calculated validities

MFPA 2014-667rhzu3dc-lists-groups at riseup.net
Fri May 2 15:57:46 CEST 2014



Hi


On Friday 2 May 2014 at 3:38:17 AM, in <mid:1570455.5MFBMy4FEj at inno>,
Hauke Laging wrote:


> in my
> understanding you do exactly that: You accept a key for
> usage.

I see what you mean.

I accept a key for usage by applying a non-exportable signature. But I
neither accept nor reject any claim made or implied about the identity
of its controller.

There is ambiguity in using the word "accept" and that is why I prefer
the word "activate."



> Whether you verify it before is your decision.

What would you verify? For any encrypted mail I send, all that really
matters is the person controlling the email address I am sending to
can read emails that I encrypt to that key. A simple exchange of
messages verifies this.

Other people would have instances where they actually need to be
certain who controls that key. In extreme cases, somebody may even
need to know the person's legal name as recognised by their
government.



> As more than one year has not been enough for me to
> write a certification policy for my new key all my
> certifications are local ones.

That is good. There are an awful lot of certifications out there from
keys for which there is no published certification policy. All of
these are essentially meaningless noise: unless we know what the
signer is claiming, how do we know what to do with their claim?



> I hope you don't
> misunderstand the feature: Local signature is not meant
> as "rather useless signature" but just as "not for the
> public".

Well, until/unless you have decided what you want to say, it is not a
good idea to make a public announcement.



> I have local certifications at certification level 1
> (your case) and 3.

The majority of mine are level 0, even for people I have conversed
with on mailing lists for years. I don't have a single key on my
keyring from anybody I know in real life.

- --
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

The problem is not that we're paranoid;
it's that we're not paranoid enough.




More information about the Gnupg-users mailing list