Signature without policy meaningless? (was Re: UI terminology for calculated validities)

Peter Lebbing peter at digitalbrains.com
Fri May 2 17:12:46 CEST 2014


On 02/05/14 15:57, MFPA wrote:
> That is good. There are an awful lot of certifications out there from
> keys for which there is no published certification policy. All of
> these are essentially meaningless noise: unless we know what the
> signer is claiming, how do we know what to do with their claim?

I don't quite understand. If I know someone, I can talk with them about how they
verify ownership before they sign. Then I can judge whether I agree and assign
ownertrust accordingly.

If I don't know them, I wouldn't assign ownertrust even if their policy came
with sparkles, glitter and a free magazine subscription.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


