UI terminology for calculated validities

MFPA 2014-667rhzu3dc-lists-groups at riseup.net
Fri May 2 15:57:46 CEST 2014

On Friday 2 May 2014 at 3:38:17 AM, in <mid:1570455.5MFBMy4FEj at inno>,
Hauke Laging wrote:

> in my
> understanding you do exactly that: You accept a key for
> usage.

I see what you mean.

I accept a key for usage by applying a non-exportable signature. But I
neither accept nor reject any claim made or implied about the identity
of its controller.

There is ambiguity in using the word "accept" and that is why I prefer
the word "activate."

> Whether you verify it before is your decision.

What would you verify? For any encrypted mail I send, all that really
matters is the person controlling the email address I am sending to
can read emails that I encrypt to that key. A simple exchange of
messages verifies this.

Other people would have instances where they actually need to be
certain who controls that key. In extreme cases, somebody may even
need to know the person's legal name as recognised by their

> As more than one year has not been enough for me to
> write a certification policy for my new key all my
> certifications are local ones.

That is good. There are an awful lot of certifications out there from
keys for which there is no published certification policy. All of
these are essentially meaningless noise: unless we know what the
signer is claiming, how do we know what to do with their claim?

> I hope you don't
> misunderstand the feature: Local signature is not meant
> as "rather useless signature" but just as "not for the
> public".

Well, until/unless you have decided what you want to say, it is not a
good idea to make a public announcement.

> I have local certifications at certification level 1
> (your case) and 3.

The majority of mine are level 0, even for people I have conversed
with on mailing lists for years. I don't have a single key on my
keyring from anybody I know in real life.

--
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

The problem is not that we're paranoid;
it's that we're not paranoid enough.

