Hello Stefan. Am Mittwoch, den 31.10.2018, 18:59 +0100 schrieb Stefan Claas: > On Wed, 31 Oct 2018 18:53:33 +0100, Stefan Claas wrote: > > Hi all, > > > > i hope this is not to much off-topic... > > > > I recently signed up for the new Service of Germany's > > Bundesdruckerei*, to obtain a *qualified* X.509 Certificate, > > which is complaint with the EU's eIDAS regulation. > > Oh... sorry i mean *compliant* of course!
Compliant to... ^^ To answer your question, even if the answer is not what you expected: I don't think this would change anything on the reputation on your key. I even don't think there is any good reason for the EU-Regulation at all. There is much taste of "get the citizens money for everything" in it. ^^ The trust level for a key depends on the trust to the signature which are made for your key. There is no valid reason to trust "Governikus" or "D-Trust (Bundesdruckerei)" by default at all, especially for people in foreign countries. Even I don't do this. Best thing is to verify a key personally. I would create a file which describes how your key was verified before signing and the data FPR and UID of your gnupg key, sign this with your x.509 and create a detached signature with gnupg. Needles to say that you should use the key mentioned in the PDF. The wording should not be difficult itself. Something like: ---- The OpenPGP key key data is signed by Governikus..... <verification procedure...> <X.509 cert data> ... signed by ... ---- And so on. Regards, Dirk -- Dirk Gottschalk Paulusstrasse 6-8 52064 Aachen, Germany GPG: DDCB AF8E 0132 AA54 20AB B864 4081 0B18 1ED8 E838 Keybase.io: https://keybase.io/dgottschalk GitHub: https://github.com/Dirk1980ac
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users