Signature without policy meaningless? (was Re: UI terminology for calculated validities)
NdK
ndk.clanbo at gmail.com
Sat May 3 09:54:48 CEST 2014
On 03/05/2014 01:10, Daniel Kahn Gillmor wrote:
> Having such an assertion cryptographically bound to the OpenPGP
> certificate in parseable form implies in some sense that you think a
> mechanical process (e.g. WoT calculated validity) should be able to make
> use of it. But how would that work?
Making the WoT calculator avoid looking for keys signed by that user if
reached through my certification.
> It sounds like you'd want to ask
> an OpenPGP to introduce an additional concept on top of the notions of
> validity and ownertrust (which are already confusing):
They work: I'm *really* confused. :)
> some sort of meta-ownertrust: instead of ownertrust's question of:
> "how much am i willing to rely on NdK's identity assertions",
Well, if ownertrust answers that, it's what I need: a way to say "I am
sure this key belongs to X, but I don't want it to be used to introduce
more keys in the WoT".
> meta-ownertrust would ask
> "how much am i willing to believe NdK's assessments of certification
> practice quality?" Who is going to understand this question? What kind
> of UI would you suggest for it?
No, it's not what I meant.
BYtE,
Diego.