On Thu 2018-11-15 23:41:32 +0100, Stefan Claas wrote: > or if i sign with sig0 a key on a key signing party, where i also don't > know that the person who attended is a good or bad person
OpenPGP identity certifications ("keysignings") make no claims one way or the other about a person's moral character. Such a certification is simply an assertion that the person holding the indicated identity also controls the corresponding cryptographic key material. This kind of confusion is exactly why i think cert-levels are a "solution" in search of a problem. People already find it hard enough to reason about a distributed network of identity assertions (the "web of trust") *without* having to factor in certification levels. Keep it simple. (or, don't bother) --dkg
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users