Signature without policy meaningless? (was Re: UI terminology for calculated validities)
MFPA
2014-667rhzu3dc-lists-groups at riseup.net
Sun May 4 12:51:27 CEST 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi
On Sunday 4 May 2014 at 8:21:24 AM, in
<mid:5365EA74.5040502 at gmail.com>, NdK wrote:
> if I use tsig I'm doing both an "identity" signature and a trust
> signature. I see no way I can publicly say "I don't really know
> real-world identity of this subject, but I trust him as an introducer"
Generally speaking, why would the public need to know if *you* trust
him as an introducer?
Anyway, if you use "--ask-cert-level" when signing, and tell GnuPG
when it asks "I have not checked at all," you will make a "persona"
certification. I'm not sure if that works/makes sense with a trust
signature, since 0x11 (persona) certifications are generally ignored
in WoT calculations.
> (yep, might sound strange [*], but often a pseudonym is more meaningful
> than RL name, but pseudonyms aren't "good" in WoT): if I tsig his key,
> I'm cerifying his pseudonym -- that I shouldn't do since it's not on any
> document.
Who cares about documentation, so long as you actually know that key
is under the control of the entity using that name in conjunction with
that email address? Documents can be faked or fraudulently obtained,
and certain government agencies in some countries will issue their
agents with documents in false names if fact mirrors fiction.
- --
Best regards
MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net
Is it possible to be a closet claustrophobic?
-----BEGIN PGP SIGNATURE-----
iPQEAQEKAF4FAlNmG75XFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0
N0VDQTAzAAoJEKipC46tDG5p37wD/1fW028NrIGE+pomNM7tSaqEa+T7Pp7RduFt
5esiT2r7DRGTExW1yzR1JXKZbM4C/l3z4wWa8STGgbVzowPApxhmnODYAXOaYEJE
nktZ/xheOVc0N6ktri3xW+OY5VnsSA2KSD8nNDbhqkD685kdmpXvFdiFn08MF3R8
SsHIE0ky
=30hS
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list