On Apr 25, 2008, at 3:57 AM, Werner Koch wrote:
On Thu, 24 Apr 2008 21:12, [EMAIL PROTECTED] said:
not how the OpenPGP trust system works. The person who gets to
decide
if a key+uid should be signed is the person who makes the signature.
Nitpicking: It is not the OpenPGP trust system, but the way almost all
OpenPGP applications are used (basically Web of Trust). OpenPGP is
just
a framework and you may implement any trust system on top of it; using
the mechanisms provided by OpenPGP.
I have to mention this because many people believe OpenPGP demands the
WoT and exclude OpenPGP from further inspection when searching for a
specialized PKI.
Absolutely. At one point there was talk about putting together an RFC
for a defined OpenPGP trust system (essentially documenting what we
have now), but there didn't seem to be much interest in it.
A significant use of OpenPGP is without the WoT at all.
David
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
