WoT question - policy

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Nov 16 14:03:09 CET 2018


On Thu 2018-11-15 23:41:32 +0100, Stefan Claas wrote:
> or if i sign with sig0 a key on a key signing party, where i also don't
> know that the person who attended is a good or bad person

OpenPGP identity certifications ("keysignings") make no claims one way
or the other about a person's moral character.

Such a certification is simply an assertion that the person holding the
indicated identity also controls the corresponding cryptographic key
material.

This kind of confusion is exactly why i think cert-levels are a
"solution" in search of a problem.  People already find it hard enough
to reason about a distributed network of identity assertions (the "web
of trust") *without* having to factor in certification levels.

Keep it simple.  (or, don't bother)

   --dkg

More information about the Gnupg-users mailing list