WoT question - policy

Stefan Claas stefan.claas at posteo.de
Thu Nov 15 23:41:32 CET 2018 

On Thu, 15 Nov 2018 22:54:01 +0100, Dirk Gottschalk wrote:

Hi Dirk,
 
> Am Donnerstag, den 15.11.2018, 21:05 +0100 schrieb Stefan Claas:

> > I disagree, with my humble approach imho third parties do not know
> > that people are my real friends, colleagues, or that i belong to a
> > certain group.  
> 
> The implication matters. For example: If you sign a three keys of,
> let's assume kidnappers, with level 3. I guess, police won't read and
> understand your policy first, you'll get a little trouble for sure.
> Okay, that is a bad example. But, the diagram will result in level 3
> Relations, what can lead to assumptions somebody does not want or
> intent.

You make a very important point, which i thought also about and
that is my little approach for covering my a*#. I would strongly
assume that law enforcement would also check a sig0 user,
regardless of policy or not, if something happens to a key owner,
or if i sign with sig0 a key on a key signing party, where i also don't
know that the person who attended is a good or bad person with a real
or fake id. I am totally unable to distinguish  between a real or fake
id nor do i know if a person is good or bad if i would attend such a
key signing party.

> > I am no expert, but i like to know from my example (because i don't
> > understand this) how could i trust this internal computation, when
> > it is only visible to me and not to third parties?  
> 
> It is based on your trust into the signers. There is a chain in trust
> dependencies for the trustdb. The levels full, marginal and so on lead
> to basical calculations in how reliable a key is, which is indirectly
> signed by trusted keys. I did not dig deeper into the GPG internals
> for this system, but I've already seen it works well, at least for me.

Like i said in my previous reply i have to study this in more depth.
 
Regards
Stefan


-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: Digitale Signatur von OpenPGP
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20181115/339b8d2c/attachment.sig>

More information about the Gnupg-users mailing list