WoT question - policy
stefan.claas at posteo.de
Fri Nov 16 00:53:23 CET 2018
On Fri, 16 Nov 2018 00:40:11 +0100, Dirk Gottschalk wrote:
> Am Donnerstag, den 15.11.2018, 23:41 +0100 schrieb Stefan Claas:
> > You make a very important point, which i thought also about and
> > that is my little approach for covering my a*#. I would strongly
> > assume that law enforcement would also check a sig0 user,
> > regardless of policy or not, if something happens to a key owner,
> > or if i sign with sig0 a key on a key signing party, where i also
> > don't know that the person who attended is a good or bad person with
> > a real or fake id. I am totally unable to distinguish between a
> > real or fake id nor do i know if a person is good or bad if i would
> > attend such a key signing party.
> That was a bad example. But you see what I meant. Signature levels
> imply in some cases the assumption that it is related to the relation
> of people whether it's right or wrong.
No, no... this absolutely no bad example, regardless of sig level!
I wish that more users on the Mailing List would participate in this
discussion and critic or comment my policy. I would also very much
appreciate a proper formulated policy of mine, from a native English
speaker. Regardless whether he / she likes my policy, or not!
> There's documentation about the trustdb. I read it a while ago, but
> not entirely. You can also set the amount of needed signatures for the
> trust calculations and so on. Then comes the trust deepness into play.
> I also have to read further because I want to "abuse" GnuPG for an
> email controlled bot system inside a bigger company as part of the
> security concept. The commands shall be encrypted and signed and some
> function should be usable by "unknown" users with the needed trust
> level and so on.
Sounds interesting! I will check the docs, thanks!
I must say good night now because it is already late! ;-)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 228 bytes
Desc: Digitale Signatur von OpenPGP
More information about the Gnupg-users