Signature without policy meaningless? (was Re: UI terminology for calculated validities)
2014-667rhzu3dc-lists-groups at riseup.net
Sun May 4 13:03:48 CEST 2014
-----BEGIN PGP SIGNED MESSAGE-----
On Saturday 3 May 2014 at 9:50:47 AM, in
<mid:CAAu18hfmCwf3Gv68b_D_Y9Rr9JVUO_A0NEA6vRGR+ZB4OY3t0A at mail.gmail.com>,
Nicholas Cole wrote:
> [*] I'm aware there are problems with "marginal trust"
> related the fact that the requirement of three
> marginally trusted signatures to confer validity may in
> fact be fairly weak. The three signatures may not, in
> fact, be made independently of each other (consider
> three keys owned by the same person which all introduce
> a third key, for example, or multiple signatures made a
> single key-signing party).
The default is three but you can change it to whatever number you
want. I wonder what the effect might be if the default trust level "I
don't know or won't say" were treated in calculations as a
marginal-marginal, needing perhaps the cube or fourth power of the
required number of marginals to confer validity?
MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net
Life is a holiday. In the same way that glass is a liquid.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users