-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 El 01-10-2015 a las 5:33, Bob Henson escribió: ... > Authority key, say. But a signature of any person's key that you > have not met and positively verified is worse than useless as it > degrades the whole trust process. Someone who I had never > previously even heard of once signed my old, now revoked key - were > that person someone "known" to be nasty, it would have degraded my > key's value. The best it could have been is totally meaningless.
I think it is a mistake to consider a signature can degrade a key's value. After all, we CAN'T prevent people from signing our keys, unless we try to keep them off the keyservers. But keys tend to end in keyservers (probably they feel lonely and want to gather with their peers). And bogus signatures from bogus keys don't weaken the WoT, since a bogus key is not signed, so the signatures are meaningless. Of course these signatures increase the public key size, but you can distribute a clean copy of your key to your peers. Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCAAGBQJWDw7uAAoJEMV4f6PvczxA39cIAKXhYP5iN+LFP3Fhj+n+b55S 4KXY6D0P0JV4DZYa6kN4duAn9jigM87xOrL4NiCbK+42wg4FkgZioIDxLJzV2C1L 8LQGxNWPfSgO0kbGQKyzsMkcsnc3HMLyiE5MnRH3jiq5arb+gQfO57YaMNRl6JdS ENpVM7GtxMoloFHZ9dJdhhv8IEqxHnoW3WkvbRZMfgiedj7YKcLDqADgqJ94fzMc HF280jXWKLbZHZhbp2XdopknzEGZqc02EZ4RBeAHse/jYPShyUfX3mJ/37jriVon sbZpzLHzxbMlzGVT8+zBzB34ei8ftb0dYaxk5FM7P4MNwycf5y5qaLDiGpT3PFI= =nKXX -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
