I just signed an OpenPGP key with cert level 0x12 (casual checking) given the following scenario:
* A PGP key was signed by an SSL certificate that was signed by a root CA.
* I verified that the signature was indeed from that root CA.
* I stripped the signature, and imported the PGP key.
* I then signed the key, exported, and sent back.

What are your thoughts on using root CAs as a trusted 3rd party for trusting that a key is owned by whom it claims? Of course, this is merely for casual checking, but it seems to be "good enough". Thoughts?
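The verify-and-strip steps in the message above, as an added example that is not part of the original post. It assumes the key arrived as an opaque S/MIME (CMS) signed file handled with `openssl smime`, which the post does not specify; the CA, certificate subject, address and file names are constructed, and the key file is a placeholder.

```shell
#!/bin/sh
# Added example: every subject, address and file name here is constructed.

# verify_signed_key SIGNED CAFILE OUT EMAIL
# Returns 0 if SIGNED chains to CAFILE and the signer certificate carries EMAIL,
# 1 if the signature or chain is bad, 2 if the certificate names someone else.
verify_signed_key() {
    signer="$3.signer.pem"
    # -out writes the stripped payload (the key block); -signer saves the
    # certificate that produced the signature so it can be inspected.
    openssl smime -verify -in "$1" -CAfile "$2" -out "$3" -signer "$signer" \
        >/dev/null 2>&1 || return 1
    # A valid chain only shows the CA issued this certificate to someone; the
    # address in it still has to match the UID on the key being certified.
    openssl x509 -in "$signer" -noout -email | grep -qixF "$4" || return 2
    return 0
}

# make_demo DIR: build two throwaway CAs, one user certificate and a signed file.
make_demo() {
    d="$1"
    for ca in ca other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo $ca CA" \
            -keyout "$d/$ca.key" -out "$d/$ca.crt" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=Alice/emailAddress=alice@example.org" \
        -keyout "$d/alice.key" -out "$d/alice.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/alice.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/alice.crt" 2>/dev/null || return 1
    # Stand-in for the output of: gpg --armor --export alice@example.org
    printf 'constructed placeholder for an armored OpenPGP key\n' > "$d/key.asc"
    openssl smime -sign -nodetach -in "$d/key.asc" -signer "$d/alice.crt" \
        -inkey "$d/alice.key" -out "$d/key.p7m" 2>/dev/null
}
```

After a return of 0, the stripped file can be imported with `gpg --import` and certified with `gpg --ask-cert-level --sign-key`, answering 2 for casual checking (signature class 0x12).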
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users