Signature without policy meaningless? (was Re: UI terminology for calculated validities)
2014-667rhzu3dc-lists-groups at riseup.net
Sun May 4 12:51:27 CEST 2014
-----BEGIN PGP SIGNED MESSAGE-----
On Sunday 4 May 2014 at 8:21:24 AM, in
<mid:5365EA74.5040502 at gmail.com>, NdK wrote:
> if I use tsig I'm doing both an "identity" signature and a trust
> signature. I see no way I can publicly say "I don't really know
> real-world identity of this subject, but I trust him as an introducer"
Generally speaking, why would the public need to know if *you* trust
him as an introducer?
Anyway, if you use "--ask-cert-level" when signing, and tell GnuPG
when it asks "I have not checked at all," you will make a "persona"
certification. I'm not sure if that works/makes sense with a trust
signature, since 0x11 (persona) certifications are generally ignored
in WoT calculations.
> (yep, might sound strange [*], but often a pseudonym is more meaningful
> than RL name, but pseudonyms aren't "good" in WoT): if I tsig his key,
> I'm cerifying his pseudonym -- that I shouldn't do since it's not on any
Who cares about documentation, so long as you actually know that key
is under the control of the entity using that name in conjunction with
that email address? Documents can be faked or fraudulently obtained,
and certain government agencies in some countries will issue their
agents with documents in false names if fact mirrors fiction.
MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net
Is it possible to be a closet claustrophobic?
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users