Slightly OT - I need the proper wording for a signed document

Wiktor Kwapisiewicz wiktor at metacode.biz
Thu Nov 1 20:14:19 CET 2018


On 01.11.2018 11:19, stefan.claas at posteo.de wrote:
> And this is the problem I have since 1994/95... For me signatures
> made with PGP / GnuPG have no weight, for several reasons, except
> those made from Governikus and maybe CT Magazine signed keys.

I, for one, like OpenPGP's approach of "choose your own trust
model". Someone will trust Governikus, someone will trust random
internet people, someone will marginally trust them or a selected set of
people they think are trustworthy. (By the way, too bad that Governikus
doesn't add Policy URLs to their signatures [0]; it would be easier to
read about their procedures for people that don't know them.)

Of course, this comes at the expense of user friendliness but there are
already easier trust alternatives in GnuPG (e.g. TOFU).

On 01.11.2018 16:09, Dirk Gottschalk via Gnupg-users wrote:
> This isn't the problem at all. X.509 is a really good standard. I use
> it myself really often for signing PDFs or some other things.

Do you mean X.509 is technically good or just more widely supported in
software than OpenPGP? For me there are only a few cases where X.509
infrastructure has something that OpenPGP lacks (e.g. timestamping).

Kind regards,
Wiktor

[0]:
https://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0xAFCDE102C7FAAD6E

-- 
https://metacode.biz/@wiktor


