WoT question - policy

Stefan Claas stefan.claas at posteo.de
Fri Nov 16 17:00:33 CET 2018

On Fri, 16 Nov 2018 08:03:09 -0500, Daniel Kahn Gillmor wrote:
> On Thu 2018-11-15 23:41:32 +0100, Stefan Claas wrote:
> > or if i sign with sig0 a key on a key signing party, where i also
> > don't know that the person who attended is a good or bad person  
> OpenPGP identity certifications ("keysignings") make no claims one way
> or the other about a person's moral character.
> Such a certification is simply an assertion that the person holding
> the indicated identity also controls the corresponding cryptographic
> key material.
> This kind of confusion is exactly why i think cert-levels are a
> "solution" in search of a problem.  People already find it hard enough
> to reason about a distributed network of identity assertions (the "web
> of trust") *without* having to factor in certification levels.

I understand your points, but like to point out my view of sig0
and why i think it is not good and why i wrote a policy that way.

> Keep it simple.  (or, don't bother)

Agreed, use X.509... ;-) (disagree, see my point when it comes
to Protection of Minors)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: Digitale Signatur von OpenPGP
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20181116/67a0a08f/attachment.sig>

More information about the Gnupg-users mailing list